pompelmi 0.32.1 → 0.34.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (43) hide show
  1. package/README.md +355 -957
  2. package/dist/pompelmi.audit.cjs +130 -0
  3. package/dist/pompelmi.audit.cjs.map +1 -0
  4. package/dist/pompelmi.audit.esm.js +109 -0
  5. package/dist/pompelmi.audit.esm.js.map +1 -0
  6. package/dist/pompelmi.browser.cjs +1455 -0
  7. package/dist/pompelmi.browser.cjs.map +1 -0
  8. package/dist/pompelmi.browser.esm.js +1429 -0
  9. package/dist/pompelmi.browser.esm.js.map +1 -0
  10. package/dist/pompelmi.cjs +1403 -3118
  11. package/dist/pompelmi.cjs.map +1 -1
  12. package/dist/pompelmi.esm.js +1397 -3116
  13. package/dist/pompelmi.esm.js.map +1 -1
  14. package/dist/pompelmi.hooks.cjs +75 -0
  15. package/dist/pompelmi.hooks.cjs.map +1 -0
  16. package/dist/pompelmi.hooks.esm.js +72 -0
  17. package/dist/pompelmi.hooks.esm.js.map +1 -0
  18. package/dist/pompelmi.policy-packs.cjs +239 -0
  19. package/dist/pompelmi.policy-packs.cjs.map +1 -0
  20. package/dist/pompelmi.policy-packs.esm.js +231 -0
  21. package/dist/pompelmi.policy-packs.esm.js.map +1 -0
  22. package/dist/pompelmi.quarantine.cjs +315 -0
  23. package/dist/pompelmi.quarantine.cjs.map +1 -0
  24. package/dist/pompelmi.quarantine.esm.js +291 -0
  25. package/dist/pompelmi.quarantine.esm.js.map +1 -0
  26. package/dist/pompelmi.react.cjs +1486 -0
  27. package/dist/pompelmi.react.cjs.map +1 -0
  28. package/dist/pompelmi.react.esm.js +1459 -0
  29. package/dist/pompelmi.react.esm.js.map +1 -0
  30. package/dist/types/audit.d.ts +84 -0
  31. package/dist/types/browser-index.d.ts +28 -2
  32. package/dist/types/config.d.ts +3 -2
  33. package/dist/types/hooks.d.ts +89 -0
  34. package/dist/types/index.d.ts +17 -9
  35. package/dist/types/policy-packs.d.ts +98 -0
  36. package/dist/types/quarantine/index.d.ts +18 -0
  37. package/dist/types/quarantine/storage.d.ts +77 -0
  38. package/dist/types/quarantine/types.d.ts +78 -0
  39. package/dist/types/quarantine/workflow.d.ts +97 -0
  40. package/dist/types/react-index.d.ts +13 -0
  41. package/dist/types/scanners/common-heuristics.d.ts +2 -2
  42. package/dist/types/types.d.ts +0 -1
  43. package/package.json +55 -4
package/dist/pompelmi.esm.js CHANGED
@@ -3,6 +3,81 @@ import { createHash } from 'crypto';
3
3
  import * as os from 'os';
4
4
  import * as path from 'path';
5
5
 
6
+ function hasAsciiToken(buf, token) {
7
+ // Use latin1 so we can safely search binary
8
+ return buf.indexOf(token, 0, 'latin1') !== -1;
9
+ }
10
+ function startsWith(buf, bytes) {
11
+ if (buf.length < bytes.length)
12
+ return false;
13
+ for (let i = 0; i < bytes.length; i++)
14
+ if (buf[i] !== bytes[i])
15
+ return false;
16
+ return true;
17
+ }
18
+ function isPDF(buf) {
19
+ // %PDF-
20
+ return startsWith(buf, [0x25, 0x50, 0x44, 0x46, 0x2d]);
21
+ }
22
+ function isOleCfb(buf) {
23
+ // D0 CF 11 E0 A1 B1 1A E1
24
+ const sig = [0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1];
25
+ return startsWith(buf, sig);
26
+ }
27
+ function isZipLike$1(buf) {
28
+ // PK\x03\x04
29
+ return startsWith(buf, [0x50, 0x4b, 0x03, 0x04]);
30
+ }
31
+ function isPeExecutable(buf) {
32
+ // "MZ"
33
+ return startsWith(buf, [0x4d, 0x5a]);
34
+ }
35
+ /** OOXML macro hint via filename token in ZIP container */
36
+ function hasOoxmlMacros(buf) {
37
+ if (!isZipLike$1(buf))
38
+ return false;
39
+ return hasAsciiToken(buf, 'vbaProject.bin');
40
+ }
41
+ /** PDF risky features (/JavaScript, /OpenAction, /AA, /Launch) */
42
+ function pdfRiskTokens(buf) {
43
+ const tokens = ['/JavaScript', '/OpenAction', '/AA', '/Launch'];
44
+ return tokens.filter(t => hasAsciiToken(buf, t));
45
+ }
46
+ const CommonHeuristicsScanner = {
47
+ async scan(input) {
48
+ const buf = Buffer.from(input);
49
+ const matches = [];
50
+ // Office macros (OLE / OOXML)
51
+ if (isOleCfb(buf)) {
52
+ matches.push({ rule: 'office_ole_container', severity: 'suspicious' });
53
+ }
54
+ if (hasOoxmlMacros(buf)) {
55
+ matches.push({ rule: 'office_ooxml_macros', severity: 'suspicious' });
56
+ }
57
+ // PDF risky tokens
58
+ if (isPDF(buf)) {
59
+ const toks = pdfRiskTokens(buf);
60
+ if (toks.length) {
61
+ matches.push({
62
+ rule: 'pdf_risky_actions',
63
+ severity: 'suspicious',
64
+ meta: { tokens: toks }
65
+ });
66
+ }
67
+ }
68
+ // Executable header
69
+ if (isPeExecutable(buf)) {
70
+ matches.push({ rule: 'pe_executable_signature', severity: 'suspicious' });
71
+ }
72
+ // EICAR test file
73
+ const EICAR_NEEDLE = "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!";
74
+ if (hasAsciiToken(buf, EICAR_NEEDLE)) {
75
+ matches.push({ rule: 'eicar_test_file', severity: 'high', meta: { note: 'EICAR standard antivirus test file detected' } });
76
+ }
77
+ return matches;
78
+ }
79
+ };
80
+
6
81
  function toScanFn(s) {
7
82
  return (typeof s === "function" ? s : s.scan);
8
83
  }
@@ -113,6 +188,8 @@ function composeScanners(...args) {
113
188
  }
114
189
  function createPresetScanner(preset, opts = {}) {
115
190
  const scanners = [];
191
+ // Always include heuristics (EICAR, PHP webshells, JS obfuscation, PE hints, etc.)
192
+ scanners.push(CommonHeuristicsScanner);
116
193
  // Add decompilation scanners based on preset
117
194
  if (preset === 'decompilation-basic' || preset === 'decompilation-deep' ||
118
195
  preset === 'malware-analysis' || opts.enableDecompilation) {
@@ -160,17 +237,6 @@ function createPresetScanner(preset, opts = {}) {
160
237
  }
161
238
  }
162
239
  }
163
- // Add other scanners for advanced presets
164
- if (preset === 'advanced' || preset === 'malware-analysis') {
165
- // Add heuristics scanner
166
- try {
167
- const { CommonHeuristicsScanner } = require('./scanners/common-heuristics');
168
- scanners.push(new CommonHeuristicsScanner());
169
- }
170
- catch {
171
- // Heuristics not available
172
- }
173
- }
174
240
  if (scanners.length === 0) {
175
241
  // Fallback scanner that returns no matches
176
242
  return async (_input, _ctx) => {
@@ -179,32 +245,6 @@ function createPresetScanner(preset, opts = {}) {
179
245
  }
180
246
  return composeScanners(...scanners);
181
247
  }
182
- // Preset configurations
183
- const PRESET_CONFIGS = {
184
- 'basic': {
185
- timeout: 10000
186
- },
187
- 'advanced': {
188
- timeout: 30000,
189
- enableDecompilation: false
190
- },
191
- 'malware-analysis': {
192
- timeout: 60000,
193
- enableDecompilation: true,
194
- decompilationEngine: 'both',
195
- decompilationDepth: 'deep'
196
- },
197
- 'decompilation-basic': {
198
- timeout: 30000,
199
- enableDecompilation: true,
200
- decompilationDepth: 'basic'
201
- },
202
- 'decompilation-deep': {
203
- timeout: 120000,
204
- enableDecompilation: true,
205
- decompilationDepth: 'deep'
206
- }
207
- };
208
248
 
209
249
  /**
210
250
  * Performance monitoring utilities for pompelmi scans
@@ -782,1900 +822,6 @@ function validateFile(file) {
782
822
  return { valid: true };
783
823
  }
784
824
 
785
- var react = {exports: {}};
786
-
787
- var react_production = {};
788
-
789
- /**
790
- * @license React
791
- * react.production.js
792
- *
793
- * Copyright (c) Meta Platforms, Inc. and affiliates.
794
- *
795
- * This source code is licensed under the MIT license found in the
796
- * LICENSE file in the root directory of this source tree.
797
- */
798
-
799
- var hasRequiredReact_production;
800
-
801
- function requireReact_production () {
802
- if (hasRequiredReact_production) return react_production;
803
- hasRequiredReact_production = 1;
804
- var REACT_ELEMENT_TYPE = Symbol.for("react.transitional.element"),
805
- REACT_PORTAL_TYPE = Symbol.for("react.portal"),
806
- REACT_FRAGMENT_TYPE = Symbol.for("react.fragment"),
807
- REACT_STRICT_MODE_TYPE = Symbol.for("react.strict_mode"),
808
- REACT_PROFILER_TYPE = Symbol.for("react.profiler"),
809
- REACT_CONSUMER_TYPE = Symbol.for("react.consumer"),
810
- REACT_CONTEXT_TYPE = Symbol.for("react.context"),
811
- REACT_FORWARD_REF_TYPE = Symbol.for("react.forward_ref"),
812
- REACT_SUSPENSE_TYPE = Symbol.for("react.suspense"),
813
- REACT_MEMO_TYPE = Symbol.for("react.memo"),
814
- REACT_LAZY_TYPE = Symbol.for("react.lazy"),
815
- REACT_ACTIVITY_TYPE = Symbol.for("react.activity"),
816
- MAYBE_ITERATOR_SYMBOL = Symbol.iterator;
817
- function getIteratorFn(maybeIterable) {
818
- if (null === maybeIterable || "object" !== typeof maybeIterable) return null;
819
- maybeIterable =
820
- (MAYBE_ITERATOR_SYMBOL && maybeIterable[MAYBE_ITERATOR_SYMBOL]) ||
821
- maybeIterable["@@iterator"];
822
- return "function" === typeof maybeIterable ? maybeIterable : null;
823
- }
824
- var ReactNoopUpdateQueue = {
825
- isMounted: function () {
826
- return false;
827
- },
828
- enqueueForceUpdate: function () {},
829
- enqueueReplaceState: function () {},
830
- enqueueSetState: function () {}
831
- },
832
- assign = Object.assign,
833
- emptyObject = {};
834
- function Component(props, context, updater) {
835
- this.props = props;
836
- this.context = context;
837
- this.refs = emptyObject;
838
- this.updater = updater || ReactNoopUpdateQueue;
839
- }
840
- Component.prototype.isReactComponent = {};
841
- Component.prototype.setState = function (partialState, callback) {
842
- if (
843
- "object" !== typeof partialState &&
844
- "function" !== typeof partialState &&
845
- null != partialState
846
- )
847
- throw Error(
848
- "takes an object of state variables to update or a function which returns an object of state variables."
849
- );
850
- this.updater.enqueueSetState(this, partialState, callback, "setState");
851
- };
852
- Component.prototype.forceUpdate = function (callback) {
853
- this.updater.enqueueForceUpdate(this, callback, "forceUpdate");
854
- };
855
- function ComponentDummy() {}
856
- ComponentDummy.prototype = Component.prototype;
857
- function PureComponent(props, context, updater) {
858
- this.props = props;
859
- this.context = context;
860
- this.refs = emptyObject;
861
- this.updater = updater || ReactNoopUpdateQueue;
862
- }
863
- var pureComponentPrototype = (PureComponent.prototype = new ComponentDummy());
864
- pureComponentPrototype.constructor = PureComponent;
865
- assign(pureComponentPrototype, Component.prototype);
866
- pureComponentPrototype.isPureReactComponent = true;
867
- var isArrayImpl = Array.isArray;
868
- function noop() {}
869
- var ReactSharedInternals = { H: null, A: null, T: null, S: null },
870
- hasOwnProperty = Object.prototype.hasOwnProperty;
871
- function ReactElement(type, key, props) {
872
- var refProp = props.ref;
873
- return {
874
- $$typeof: REACT_ELEMENT_TYPE,
875
- type: type,
876
- key: key,
877
- ref: void 0 !== refProp ? refProp : null,
878
- props: props
879
- };
880
- }
881
- function cloneAndReplaceKey(oldElement, newKey) {
882
- return ReactElement(oldElement.type, newKey, oldElement.props);
883
- }
884
- function isValidElement(object) {
885
- return (
886
- "object" === typeof object &&
887
- null !== object &&
888
- object.$$typeof === REACT_ELEMENT_TYPE
889
- );
890
- }
891
- function escape(key) {
892
- var escaperLookup = { "=": "=0", ":": "=2" };
893
- return (
894
- "$" +
895
- key.replace(/[=:]/g, function (match) {
896
- return escaperLookup[match];
897
- })
898
- );
899
- }
900
- var userProvidedKeyEscapeRegex = /\/+/g;
901
- function getElementKey(element, index) {
902
- return "object" === typeof element && null !== element && null != element.key
903
- ? escape("" + element.key)
904
- : index.toString(36);
905
- }
906
- function resolveThenable(thenable) {
907
- switch (thenable.status) {
908
- case "fulfilled":
909
- return thenable.value;
910
- case "rejected":
911
- throw thenable.reason;
912
- default:
913
- switch (
914
- ("string" === typeof thenable.status
915
- ? thenable.then(noop, noop)
916
- : ((thenable.status = "pending"),
917
- thenable.then(
918
- function (fulfilledValue) {
919
- "pending" === thenable.status &&
920
- ((thenable.status = "fulfilled"),
921
- (thenable.value = fulfilledValue));
922
- },
923
- function (error) {
924
- "pending" === thenable.status &&
925
- ((thenable.status = "rejected"), (thenable.reason = error));
926
- }
927
- )),
928
- thenable.status)
929
- ) {
930
- case "fulfilled":
931
- return thenable.value;
932
- case "rejected":
933
- throw thenable.reason;
934
- }
935
- }
936
- throw thenable;
937
- }
938
- function mapIntoArray(children, array, escapedPrefix, nameSoFar, callback) {
939
- var type = typeof children;
940
- if ("undefined" === type || "boolean" === type) children = null;
941
- var invokeCallback = false;
942
- if (null === children) invokeCallback = true;
943
- else
944
- switch (type) {
945
- case "bigint":
946
- case "string":
947
- case "number":
948
- invokeCallback = true;
949
- break;
950
- case "object":
951
- switch (children.$$typeof) {
952
- case REACT_ELEMENT_TYPE:
953
- case REACT_PORTAL_TYPE:
954
- invokeCallback = true;
955
- break;
956
- case REACT_LAZY_TYPE:
957
- return (
958
- (invokeCallback = children._init),
959
- mapIntoArray(
960
- invokeCallback(children._payload),
961
- array,
962
- escapedPrefix,
963
- nameSoFar,
964
- callback
965
- )
966
- );
967
- }
968
- }
969
- if (invokeCallback)
970
- return (
971
- (callback = callback(children)),
972
- (invokeCallback =
973
- "" === nameSoFar ? "." + getElementKey(children, 0) : nameSoFar),
974
- isArrayImpl(callback)
975
- ? ((escapedPrefix = ""),
976
- null != invokeCallback &&
977
- (escapedPrefix =
978
- invokeCallback.replace(userProvidedKeyEscapeRegex, "$&/") + "/"),
979
- mapIntoArray(callback, array, escapedPrefix, "", function (c) {
980
- return c;
981
- }))
982
- : null != callback &&
983
- (isValidElement(callback) &&
984
- (callback = cloneAndReplaceKey(
985
- callback,
986
- escapedPrefix +
987
- (null == callback.key ||
988
- (children && children.key === callback.key)
989
- ? ""
990
- : ("" + callback.key).replace(
991
- userProvidedKeyEscapeRegex,
992
- "$&/"
993
- ) + "/") +
994
- invokeCallback
995
- )),
996
- array.push(callback)),
997
- 1
998
- );
999
- invokeCallback = 0;
1000
- var nextNamePrefix = "" === nameSoFar ? "." : nameSoFar + ":";
1001
- if (isArrayImpl(children))
1002
- for (var i = 0; i < children.length; i++)
1003
- (nameSoFar = children[i]),
1004
- (type = nextNamePrefix + getElementKey(nameSoFar, i)),
1005
- (invokeCallback += mapIntoArray(
1006
- nameSoFar,
1007
- array,
1008
- escapedPrefix,
1009
- type,
1010
- callback
1011
- ));
1012
- else if (((i = getIteratorFn(children)), "function" === typeof i))
1013
- for (
1014
- children = i.call(children), i = 0;
1015
- !(nameSoFar = children.next()).done;
1016
-
1017
- )
1018
- (nameSoFar = nameSoFar.value),
1019
- (type = nextNamePrefix + getElementKey(nameSoFar, i++)),
1020
- (invokeCallback += mapIntoArray(
1021
- nameSoFar,
1022
- array,
1023
- escapedPrefix,
1024
- type,
1025
- callback
1026
- ));
1027
- else if ("object" === type) {
1028
- if ("function" === typeof children.then)
1029
- return mapIntoArray(
1030
- resolveThenable(children),
1031
- array,
1032
- escapedPrefix,
1033
- nameSoFar,
1034
- callback
1035
- );
1036
- array = String(children);
1037
- throw Error(
1038
- "Objects are not valid as a React child (found: " +
1039
- ("[object Object]" === array
1040
- ? "object with keys {" + Object.keys(children).join(", ") + "}"
1041
- : array) +
1042
- "). If you meant to render a collection of children, use an array instead."
1043
- );
1044
- }
1045
- return invokeCallback;
1046
- }
1047
- function mapChildren(children, func, context) {
1048
- if (null == children) return children;
1049
- var result = [],
1050
- count = 0;
1051
- mapIntoArray(children, result, "", "", function (child) {
1052
- return func.call(context, child, count++);
1053
- });
1054
- return result;
1055
- }
1056
- function lazyInitializer(payload) {
1057
- if (-1 === payload._status) {
1058
- var ctor = payload._result;
1059
- ctor = ctor();
1060
- ctor.then(
1061
- function (moduleObject) {
1062
- if (0 === payload._status || -1 === payload._status)
1063
- (payload._status = 1), (payload._result = moduleObject);
1064
- },
1065
- function (error) {
1066
- if (0 === payload._status || -1 === payload._status)
1067
- (payload._status = 2), (payload._result = error);
1068
- }
1069
- );
1070
- -1 === payload._status && ((payload._status = 0), (payload._result = ctor));
1071
- }
1072
- if (1 === payload._status) return payload._result.default;
1073
- throw payload._result;
1074
- }
1075
- var reportGlobalError =
1076
- "function" === typeof reportError
1077
- ? reportError
1078
- : function (error) {
1079
- if (
1080
- "object" === typeof window &&
1081
- "function" === typeof window.ErrorEvent
1082
- ) {
1083
- var event = new window.ErrorEvent("error", {
1084
- bubbles: true,
1085
- cancelable: true,
1086
- message:
1087
- "object" === typeof error &&
1088
- null !== error &&
1089
- "string" === typeof error.message
1090
- ? String(error.message)
1091
- : String(error),
1092
- error: error
1093
- });
1094
- if (!window.dispatchEvent(event)) return;
1095
- } else if (
1096
- "object" === typeof process &&
1097
- "function" === typeof process.emit
1098
- ) {
1099
- process.emit("uncaughtException", error);
1100
- return;
1101
- }
1102
- console.error(error);
1103
- },
1104
- Children = {
1105
- map: mapChildren,
1106
- forEach: function (children, forEachFunc, forEachContext) {
1107
- mapChildren(
1108
- children,
1109
- function () {
1110
- forEachFunc.apply(this, arguments);
1111
- },
1112
- forEachContext
1113
- );
1114
- },
1115
- count: function (children) {
1116
- var n = 0;
1117
- mapChildren(children, function () {
1118
- n++;
1119
- });
1120
- return n;
1121
- },
1122
- toArray: function (children) {
1123
- return (
1124
- mapChildren(children, function (child) {
1125
- return child;
1126
- }) || []
1127
- );
1128
- },
1129
- only: function (children) {
1130
- if (!isValidElement(children))
1131
- throw Error(
1132
- "React.Children.only expected to receive a single React element child."
1133
- );
1134
- return children;
1135
- }
1136
- };
1137
- react_production.Activity = REACT_ACTIVITY_TYPE;
1138
- react_production.Children = Children;
1139
- react_production.Component = Component;
1140
- react_production.Fragment = REACT_FRAGMENT_TYPE;
1141
- react_production.Profiler = REACT_PROFILER_TYPE;
1142
- react_production.PureComponent = PureComponent;
1143
- react_production.StrictMode = REACT_STRICT_MODE_TYPE;
1144
- react_production.Suspense = REACT_SUSPENSE_TYPE;
1145
- react_production.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE =
1146
- ReactSharedInternals;
1147
- react_production.__COMPILER_RUNTIME = {
1148
- __proto__: null,
1149
- c: function (size) {
1150
- return ReactSharedInternals.H.useMemoCache(size);
1151
- }
1152
- };
1153
- react_production.cache = function (fn) {
1154
- return function () {
1155
- return fn.apply(null, arguments);
1156
- };
1157
- };
1158
- react_production.cacheSignal = function () {
1159
- return null;
1160
- };
1161
- react_production.cloneElement = function (element, config, children) {
1162
- if (null === element || void 0 === element)
1163
- throw Error(
1164
- "The argument must be a React element, but you passed " + element + "."
1165
- );
1166
- var props = assign({}, element.props),
1167
- key = element.key;
1168
- if (null != config)
1169
- for (propName in (void 0 !== config.key && (key = "" + config.key), config))
1170
- !hasOwnProperty.call(config, propName) ||
1171
- "key" === propName ||
1172
- "__self" === propName ||
1173
- "__source" === propName ||
1174
- ("ref" === propName && void 0 === config.ref) ||
1175
- (props[propName] = config[propName]);
1176
- var propName = arguments.length - 2;
1177
- if (1 === propName) props.children = children;
1178
- else if (1 < propName) {
1179
- for (var childArray = Array(propName), i = 0; i < propName; i++)
1180
- childArray[i] = arguments[i + 2];
1181
- props.children = childArray;
1182
- }
1183
- return ReactElement(element.type, key, props);
1184
- };
1185
- react_production.createContext = function (defaultValue) {
1186
- defaultValue = {
1187
- $$typeof: REACT_CONTEXT_TYPE,
1188
- _currentValue: defaultValue,
1189
- _currentValue2: defaultValue,
1190
- _threadCount: 0,
1191
- Provider: null,
1192
- Consumer: null
1193
- };
1194
- defaultValue.Provider = defaultValue;
1195
- defaultValue.Consumer = {
1196
- $$typeof: REACT_CONSUMER_TYPE,
1197
- _context: defaultValue
1198
- };
1199
- return defaultValue;
1200
- };
1201
- react_production.createElement = function (type, config, children) {
1202
- var propName,
1203
- props = {},
1204
- key = null;
1205
- if (null != config)
1206
- for (propName in (void 0 !== config.key && (key = "" + config.key), config))
1207
- hasOwnProperty.call(config, propName) &&
1208
- "key" !== propName &&
1209
- "__self" !== propName &&
1210
- "__source" !== propName &&
1211
- (props[propName] = config[propName]);
1212
- var childrenLength = arguments.length - 2;
1213
- if (1 === childrenLength) props.children = children;
1214
- else if (1 < childrenLength) {
1215
- for (var childArray = Array(childrenLength), i = 0; i < childrenLength; i++)
1216
- childArray[i] = arguments[i + 2];
1217
- props.children = childArray;
1218
- }
1219
- if (type && type.defaultProps)
1220
- for (propName in ((childrenLength = type.defaultProps), childrenLength))
1221
- void 0 === props[propName] &&
1222
- (props[propName] = childrenLength[propName]);
1223
- return ReactElement(type, key, props);
1224
- };
1225
- react_production.createRef = function () {
1226
- return { current: null };
1227
- };
1228
- react_production.forwardRef = function (render) {
1229
- return { $$typeof: REACT_FORWARD_REF_TYPE, render: render };
1230
- };
1231
- react_production.isValidElement = isValidElement;
1232
- react_production.lazy = function (ctor) {
1233
- return {
1234
- $$typeof: REACT_LAZY_TYPE,
1235
- _payload: { _status: -1, _result: ctor },
1236
- _init: lazyInitializer
1237
- };
1238
- };
1239
- react_production.memo = function (type, compare) {
1240
- return {
1241
- $$typeof: REACT_MEMO_TYPE,
1242
- type: type,
1243
- compare: void 0 === compare ? null : compare
1244
- };
1245
- };
1246
- react_production.startTransition = function (scope) {
1247
- var prevTransition = ReactSharedInternals.T,
1248
- currentTransition = {};
1249
- ReactSharedInternals.T = currentTransition;
1250
- try {
1251
- var returnValue = scope(),
1252
- onStartTransitionFinish = ReactSharedInternals.S;
1253
- null !== onStartTransitionFinish &&
1254
- onStartTransitionFinish(currentTransition, returnValue);
1255
- "object" === typeof returnValue &&
1256
- null !== returnValue &&
1257
- "function" === typeof returnValue.then &&
1258
- returnValue.then(noop, reportGlobalError);
1259
- } catch (error) {
1260
- reportGlobalError(error);
1261
- } finally {
1262
- null !== prevTransition &&
1263
- null !== currentTransition.types &&
1264
- (prevTransition.types = currentTransition.types),
1265
- (ReactSharedInternals.T = prevTransition);
1266
- }
1267
- };
1268
- react_production.unstable_useCacheRefresh = function () {
1269
- return ReactSharedInternals.H.useCacheRefresh();
1270
- };
1271
- react_production.use = function (usable) {
1272
- return ReactSharedInternals.H.use(usable);
1273
- };
1274
- react_production.useActionState = function (action, initialState, permalink) {
1275
- return ReactSharedInternals.H.useActionState(action, initialState, permalink);
1276
- };
1277
- react_production.useCallback = function (callback, deps) {
1278
- return ReactSharedInternals.H.useCallback(callback, deps);
1279
- };
1280
- react_production.useContext = function (Context) {
1281
- return ReactSharedInternals.H.useContext(Context);
1282
- };
1283
- react_production.useDebugValue = function () {};
1284
- react_production.useDeferredValue = function (value, initialValue) {
1285
- return ReactSharedInternals.H.useDeferredValue(value, initialValue);
1286
- };
1287
- react_production.useEffect = function (create, deps) {
1288
- return ReactSharedInternals.H.useEffect(create, deps);
1289
- };
1290
- react_production.useEffectEvent = function (callback) {
1291
- return ReactSharedInternals.H.useEffectEvent(callback);
1292
- };
1293
- react_production.useId = function () {
1294
- return ReactSharedInternals.H.useId();
1295
- };
1296
- react_production.useImperativeHandle = function (ref, create, deps) {
1297
- return ReactSharedInternals.H.useImperativeHandle(ref, create, deps);
1298
- };
1299
- react_production.useInsertionEffect = function (create, deps) {
1300
- return ReactSharedInternals.H.useInsertionEffect(create, deps);
1301
- };
1302
- react_production.useLayoutEffect = function (create, deps) {
1303
- return ReactSharedInternals.H.useLayoutEffect(create, deps);
1304
- };
1305
- react_production.useMemo = function (create, deps) {
1306
- return ReactSharedInternals.H.useMemo(create, deps);
1307
- };
1308
- react_production.useOptimistic = function (passthrough, reducer) {
1309
- return ReactSharedInternals.H.useOptimistic(passthrough, reducer);
1310
- };
1311
- react_production.useReducer = function (reducer, initialArg, init) {
1312
- return ReactSharedInternals.H.useReducer(reducer, initialArg, init);
1313
- };
1314
- react_production.useRef = function (initialValue) {
1315
- return ReactSharedInternals.H.useRef(initialValue);
1316
- };
1317
- react_production.useState = function (initialState) {
1318
- return ReactSharedInternals.H.useState(initialState);
1319
- };
1320
- react_production.useSyncExternalStore = function (
1321
- subscribe,
1322
- getSnapshot,
1323
- getServerSnapshot
1324
- ) {
1325
- return ReactSharedInternals.H.useSyncExternalStore(
1326
- subscribe,
1327
- getSnapshot,
1328
- getServerSnapshot
1329
- );
1330
- };
1331
- react_production.useTransition = function () {
1332
- return ReactSharedInternals.H.useTransition();
1333
- };
1334
- react_production.version = "19.2.0";
1335
- return react_production;
1336
- }
1337
-
1338
- var react_development = {exports: {}};
1339
-
1340
- /**
1341
- * @license React
1342
- * react.development.js
1343
- *
1344
- * Copyright (c) Meta Platforms, Inc. and affiliates.
1345
- *
1346
- * This source code is licensed under the MIT license found in the
1347
- * LICENSE file in the root directory of this source tree.
1348
- */
1349
- react_development.exports;
1350
-
1351
- var hasRequiredReact_development;
1352
-
1353
- function requireReact_development () {
1354
- if (hasRequiredReact_development) return react_development.exports;
1355
- hasRequiredReact_development = 1;
1356
- (function (module, exports) {
1357
- "production" !== process.env.NODE_ENV &&
1358
- (function () {
1359
- function defineDeprecationWarning(methodName, info) {
1360
- Object.defineProperty(Component.prototype, methodName, {
1361
- get: function () {
1362
- console.warn(
1363
- "%s(...) is deprecated in plain JavaScript React classes. %s",
1364
- info[0],
1365
- info[1]
1366
- );
1367
- }
1368
- });
1369
- }
1370
- function getIteratorFn(maybeIterable) {
1371
- if (null === maybeIterable || "object" !== typeof maybeIterable)
1372
- return null;
1373
- maybeIterable =
1374
- (MAYBE_ITERATOR_SYMBOL && maybeIterable[MAYBE_ITERATOR_SYMBOL]) ||
1375
- maybeIterable["@@iterator"];
1376
- return "function" === typeof maybeIterable ? maybeIterable : null;
1377
- }
1378
- function warnNoop(publicInstance, callerName) {
1379
- publicInstance =
1380
- ((publicInstance = publicInstance.constructor) &&
1381
- (publicInstance.displayName || publicInstance.name)) ||
1382
- "ReactClass";
1383
- var warningKey = publicInstance + "." + callerName;
1384
- didWarnStateUpdateForUnmountedComponent[warningKey] ||
1385
- (console.error(
1386
- "Can't call %s on a component that is not yet mounted. This is a no-op, but it might indicate a bug in your application. Instead, assign to `this.state` directly or define a `state = {};` class property with the desired state in the %s component.",
1387
- callerName,
1388
- publicInstance
1389
- ),
1390
- (didWarnStateUpdateForUnmountedComponent[warningKey] = true));
1391
- }
1392
- function Component(props, context, updater) {
1393
- this.props = props;
1394
- this.context = context;
1395
- this.refs = emptyObject;
1396
- this.updater = updater || ReactNoopUpdateQueue;
1397
- }
1398
- function ComponentDummy() {}
1399
- function PureComponent(props, context, updater) {
1400
- this.props = props;
1401
- this.context = context;
1402
- this.refs = emptyObject;
1403
- this.updater = updater || ReactNoopUpdateQueue;
1404
- }
1405
- function noop() {}
1406
- function testStringCoercion(value) {
1407
- return "" + value;
1408
- }
1409
- function checkKeyStringCoercion(value) {
1410
- try {
1411
- testStringCoercion(value);
1412
- var JSCompiler_inline_result = !1;
1413
- } catch (e) {
1414
- JSCompiler_inline_result = true;
1415
- }
1416
- if (JSCompiler_inline_result) {
1417
- JSCompiler_inline_result = console;
1418
- var JSCompiler_temp_const = JSCompiler_inline_result.error;
1419
- var JSCompiler_inline_result$jscomp$0 =
1420
- ("function" === typeof Symbol &&
1421
- Symbol.toStringTag &&
1422
- value[Symbol.toStringTag]) ||
1423
- value.constructor.name ||
1424
- "Object";
1425
- JSCompiler_temp_const.call(
1426
- JSCompiler_inline_result,
1427
- "The provided key is an unsupported type %s. This value must be coerced to a string before using it here.",
1428
- JSCompiler_inline_result$jscomp$0
1429
- );
1430
- return testStringCoercion(value);
1431
- }
1432
- }
1433
- function getComponentNameFromType(type) {
1434
- if (null == type) return null;
1435
- if ("function" === typeof type)
1436
- return type.$$typeof === REACT_CLIENT_REFERENCE
1437
- ? null
1438
- : type.displayName || type.name || null;
1439
- if ("string" === typeof type) return type;
1440
- switch (type) {
1441
- case REACT_FRAGMENT_TYPE:
1442
- return "Fragment";
1443
- case REACT_PROFILER_TYPE:
1444
- return "Profiler";
1445
- case REACT_STRICT_MODE_TYPE:
1446
- return "StrictMode";
1447
- case REACT_SUSPENSE_TYPE:
1448
- return "Suspense";
1449
- case REACT_SUSPENSE_LIST_TYPE:
1450
- return "SuspenseList";
1451
- case REACT_ACTIVITY_TYPE:
1452
- return "Activity";
1453
- }
1454
- if ("object" === typeof type)
1455
- switch (
1456
- ("number" === typeof type.tag &&
1457
- console.error(
1458
- "Received an unexpected object in getComponentNameFromType(). This is likely a bug in React. Please file an issue."
1459
- ),
1460
- type.$$typeof)
1461
- ) {
1462
- case REACT_PORTAL_TYPE:
1463
- return "Portal";
1464
- case REACT_CONTEXT_TYPE:
1465
- return type.displayName || "Context";
1466
- case REACT_CONSUMER_TYPE:
1467
- return (type._context.displayName || "Context") + ".Consumer";
1468
- case REACT_FORWARD_REF_TYPE:
1469
- var innerType = type.render;
1470
- type = type.displayName;
1471
- type ||
1472
- ((type = innerType.displayName || innerType.name || ""),
1473
- (type = "" !== type ? "ForwardRef(" + type + ")" : "ForwardRef"));
1474
- return type;
1475
- case REACT_MEMO_TYPE:
1476
- return (
1477
- (innerType = type.displayName || null),
1478
- null !== innerType
1479
- ? innerType
1480
- : getComponentNameFromType(type.type) || "Memo"
1481
- );
1482
- case REACT_LAZY_TYPE:
1483
- innerType = type._payload;
1484
- type = type._init;
1485
- try {
1486
- return getComponentNameFromType(type(innerType));
1487
- } catch (x) {}
1488
- }
1489
- return null;
1490
- }
1491
- function getTaskName(type) {
1492
- if (type === REACT_FRAGMENT_TYPE) return "<>";
1493
- if (
1494
- "object" === typeof type &&
1495
- null !== type &&
1496
- type.$$typeof === REACT_LAZY_TYPE
1497
- )
1498
- return "<...>";
1499
- try {
1500
- var name = getComponentNameFromType(type);
1501
- return name ? "<" + name + ">" : "<...>";
1502
- } catch (x) {
1503
- return "<...>";
1504
- }
1505
- }
1506
- function getOwner() {
1507
- var dispatcher = ReactSharedInternals.A;
1508
- return null === dispatcher ? null : dispatcher.getOwner();
1509
- }
1510
- function UnknownOwner() {
1511
- return Error("react-stack-top-frame");
1512
- }
1513
- function hasValidKey(config) {
1514
- if (hasOwnProperty.call(config, "key")) {
1515
- var getter = Object.getOwnPropertyDescriptor(config, "key").get;
1516
- if (getter && getter.isReactWarning) return false;
1517
- }
1518
- return void 0 !== config.key;
1519
- }
1520
- function defineKeyPropWarningGetter(props, displayName) {
1521
- function warnAboutAccessingKey() {
1522
- specialPropKeyWarningShown ||
1523
- ((specialPropKeyWarningShown = true),
1524
- console.error(
1525
- "%s: `key` is not a prop. Trying to access it will result in `undefined` being returned. If you need to access the same value within the child component, you should pass it as a different prop. (https://react.dev/link/special-props)",
1526
- displayName
1527
- ));
1528
- }
1529
- warnAboutAccessingKey.isReactWarning = true;
1530
- Object.defineProperty(props, "key", {
1531
- get: warnAboutAccessingKey,
1532
- configurable: true
1533
- });
1534
- }
1535
- function elementRefGetterWithDeprecationWarning() {
1536
- var componentName = getComponentNameFromType(this.type);
1537
- didWarnAboutElementRef[componentName] ||
1538
- ((didWarnAboutElementRef[componentName] = true),
1539
- console.error(
1540
- "Accessing element.ref was removed in React 19. ref is now a regular prop. It will be removed from the JSX Element type in a future release."
1541
- ));
1542
- componentName = this.props.ref;
1543
- return void 0 !== componentName ? componentName : null;
1544
- }
1545
- function ReactElement(type, key, props, owner, debugStack, debugTask) {
1546
- var refProp = props.ref;
1547
- type = {
1548
- $$typeof: REACT_ELEMENT_TYPE,
1549
- type: type,
1550
- key: key,
1551
- props: props,
1552
- _owner: owner
1553
- };
1554
- null !== (void 0 !== refProp ? refProp : null)
1555
- ? Object.defineProperty(type, "ref", {
1556
- enumerable: false,
1557
- get: elementRefGetterWithDeprecationWarning
1558
- })
1559
- : Object.defineProperty(type, "ref", { enumerable: false, value: null });
1560
- type._store = {};
1561
- Object.defineProperty(type._store, "validated", {
1562
- configurable: false,
1563
- enumerable: false,
1564
- writable: true,
1565
- value: 0
1566
- });
1567
- Object.defineProperty(type, "_debugInfo", {
1568
- configurable: false,
1569
- enumerable: false,
1570
- writable: true,
1571
- value: null
1572
- });
1573
- Object.defineProperty(type, "_debugStack", {
1574
- configurable: false,
1575
- enumerable: false,
1576
- writable: true,
1577
- value: debugStack
1578
- });
1579
- Object.defineProperty(type, "_debugTask", {
1580
- configurable: false,
1581
- enumerable: false,
1582
- writable: true,
1583
- value: debugTask
1584
- });
1585
- Object.freeze && (Object.freeze(type.props), Object.freeze(type));
1586
- return type;
1587
- }
1588
- function cloneAndReplaceKey(oldElement, newKey) {
1589
- newKey = ReactElement(
1590
- oldElement.type,
1591
- newKey,
1592
- oldElement.props,
1593
- oldElement._owner,
1594
- oldElement._debugStack,
1595
- oldElement._debugTask
1596
- );
1597
- oldElement._store &&
1598
- (newKey._store.validated = oldElement._store.validated);
1599
- return newKey;
1600
- }
1601
- function validateChildKeys(node) {
1602
- isValidElement(node)
1603
- ? node._store && (node._store.validated = 1)
1604
- : "object" === typeof node &&
1605
- null !== node &&
1606
- node.$$typeof === REACT_LAZY_TYPE &&
1607
- ("fulfilled" === node._payload.status
1608
- ? isValidElement(node._payload.value) &&
1609
- node._payload.value._store &&
1610
- (node._payload.value._store.validated = 1)
1611
- : node._store && (node._store.validated = 1));
1612
- }
1613
- function isValidElement(object) {
1614
- return (
1615
- "object" === typeof object &&
1616
- null !== object &&
1617
- object.$$typeof === REACT_ELEMENT_TYPE
1618
- );
1619
- }
1620
- function escape(key) {
1621
- var escaperLookup = { "=": "=0", ":": "=2" };
1622
- return (
1623
- "$" +
1624
- key.replace(/[=:]/g, function (match) {
1625
- return escaperLookup[match];
1626
- })
1627
- );
1628
- }
1629
- function getElementKey(element, index) {
1630
- return "object" === typeof element &&
1631
- null !== element &&
1632
- null != element.key
1633
- ? (checkKeyStringCoercion(element.key), escape("" + element.key))
1634
- : index.toString(36);
1635
- }
1636
- function resolveThenable(thenable) {
1637
- switch (thenable.status) {
1638
- case "fulfilled":
1639
- return thenable.value;
1640
- case "rejected":
1641
- throw thenable.reason;
1642
- default:
1643
- switch (
1644
- ("string" === typeof thenable.status
1645
- ? thenable.then(noop, noop)
1646
- : ((thenable.status = "pending"),
1647
- thenable.then(
1648
- function (fulfilledValue) {
1649
- "pending" === thenable.status &&
1650
- ((thenable.status = "fulfilled"),
1651
- (thenable.value = fulfilledValue));
1652
- },
1653
- function (error) {
1654
- "pending" === thenable.status &&
1655
- ((thenable.status = "rejected"),
1656
- (thenable.reason = error));
1657
- }
1658
- )),
1659
- thenable.status)
1660
- ) {
1661
- case "fulfilled":
1662
- return thenable.value;
1663
- case "rejected":
1664
- throw thenable.reason;
1665
- }
1666
- }
1667
- throw thenable;
1668
- }
1669
- function mapIntoArray(children, array, escapedPrefix, nameSoFar, callback) {
1670
- var type = typeof children;
1671
- if ("undefined" === type || "boolean" === type) children = null;
1672
- var invokeCallback = false;
1673
- if (null === children) invokeCallback = true;
1674
- else
1675
- switch (type) {
1676
- case "bigint":
1677
- case "string":
1678
- case "number":
1679
- invokeCallback = true;
1680
- break;
1681
- case "object":
1682
- switch (children.$$typeof) {
1683
- case REACT_ELEMENT_TYPE:
1684
- case REACT_PORTAL_TYPE:
1685
- invokeCallback = true;
1686
- break;
1687
- case REACT_LAZY_TYPE:
1688
- return (
1689
- (invokeCallback = children._init),
1690
- mapIntoArray(
1691
- invokeCallback(children._payload),
1692
- array,
1693
- escapedPrefix,
1694
- nameSoFar,
1695
- callback
1696
- )
1697
- );
1698
- }
1699
- }
1700
- if (invokeCallback) {
1701
- invokeCallback = children;
1702
- callback = callback(invokeCallback);
1703
- var childKey =
1704
- "" === nameSoFar ? "." + getElementKey(invokeCallback, 0) : nameSoFar;
1705
- isArrayImpl(callback)
1706
- ? ((escapedPrefix = ""),
1707
- null != childKey &&
1708
- (escapedPrefix =
1709
- childKey.replace(userProvidedKeyEscapeRegex, "$&/") + "/"),
1710
- mapIntoArray(callback, array, escapedPrefix, "", function (c) {
1711
- return c;
1712
- }))
1713
- : null != callback &&
1714
- (isValidElement(callback) &&
1715
- (null != callback.key &&
1716
- ((invokeCallback && invokeCallback.key === callback.key) ||
1717
- checkKeyStringCoercion(callback.key)),
1718
- (escapedPrefix = cloneAndReplaceKey(
1719
- callback,
1720
- escapedPrefix +
1721
- (null == callback.key ||
1722
- (invokeCallback && invokeCallback.key === callback.key)
1723
- ? ""
1724
- : ("" + callback.key).replace(
1725
- userProvidedKeyEscapeRegex,
1726
- "$&/"
1727
- ) + "/") +
1728
- childKey
1729
- )),
1730
- "" !== nameSoFar &&
1731
- null != invokeCallback &&
1732
- isValidElement(invokeCallback) &&
1733
- null == invokeCallback.key &&
1734
- invokeCallback._store &&
1735
- !invokeCallback._store.validated &&
1736
- (escapedPrefix._store.validated = 2),
1737
- (callback = escapedPrefix)),
1738
- array.push(callback));
1739
- return 1;
1740
- }
1741
- invokeCallback = 0;
1742
- childKey = "" === nameSoFar ? "." : nameSoFar + ":";
1743
- if (isArrayImpl(children))
1744
- for (var i = 0; i < children.length; i++)
1745
- (nameSoFar = children[i]),
1746
- (type = childKey + getElementKey(nameSoFar, i)),
1747
- (invokeCallback += mapIntoArray(
1748
- nameSoFar,
1749
- array,
1750
- escapedPrefix,
1751
- type,
1752
- callback
1753
- ));
1754
- else if (((i = getIteratorFn(children)), "function" === typeof i))
1755
- for (
1756
- i === children.entries &&
1757
- (didWarnAboutMaps ||
1758
- console.warn(
1759
- "Using Maps as children is not supported. Use an array of keyed ReactElements instead."
1760
- ),
1761
- (didWarnAboutMaps = true)),
1762
- children = i.call(children),
1763
- i = 0;
1764
- !(nameSoFar = children.next()).done;
1765
-
1766
- )
1767
- (nameSoFar = nameSoFar.value),
1768
- (type = childKey + getElementKey(nameSoFar, i++)),
1769
- (invokeCallback += mapIntoArray(
1770
- nameSoFar,
1771
- array,
1772
- escapedPrefix,
1773
- type,
1774
- callback
1775
- ));
1776
- else if ("object" === type) {
1777
- if ("function" === typeof children.then)
1778
- return mapIntoArray(
1779
- resolveThenable(children),
1780
- array,
1781
- escapedPrefix,
1782
- nameSoFar,
1783
- callback
1784
- );
1785
- array = String(children);
1786
- throw Error(
1787
- "Objects are not valid as a React child (found: " +
1788
- ("[object Object]" === array
1789
- ? "object with keys {" + Object.keys(children).join(", ") + "}"
1790
- : array) +
1791
- "). If you meant to render a collection of children, use an array instead."
1792
- );
1793
- }
1794
- return invokeCallback;
1795
- }
1796
- function mapChildren(children, func, context) {
1797
- if (null == children) return children;
1798
- var result = [],
1799
- count = 0;
1800
- mapIntoArray(children, result, "", "", function (child) {
1801
- return func.call(context, child, count++);
1802
- });
1803
- return result;
1804
- }
1805
- function lazyInitializer(payload) {
1806
- if (-1 === payload._status) {
1807
- var ioInfo = payload._ioInfo;
1808
- null != ioInfo && (ioInfo.start = ioInfo.end = performance.now());
1809
- ioInfo = payload._result;
1810
- var thenable = ioInfo();
1811
- thenable.then(
1812
- function (moduleObject) {
1813
- if (0 === payload._status || -1 === payload._status) {
1814
- payload._status = 1;
1815
- payload._result = moduleObject;
1816
- var _ioInfo = payload._ioInfo;
1817
- null != _ioInfo && (_ioInfo.end = performance.now());
1818
- void 0 === thenable.status &&
1819
- ((thenable.status = "fulfilled"),
1820
- (thenable.value = moduleObject));
1821
- }
1822
- },
1823
- function (error) {
1824
- if (0 === payload._status || -1 === payload._status) {
1825
- payload._status = 2;
1826
- payload._result = error;
1827
- var _ioInfo2 = payload._ioInfo;
1828
- null != _ioInfo2 && (_ioInfo2.end = performance.now());
1829
- void 0 === thenable.status &&
1830
- ((thenable.status = "rejected"), (thenable.reason = error));
1831
- }
1832
- }
1833
- );
1834
- ioInfo = payload._ioInfo;
1835
- if (null != ioInfo) {
1836
- ioInfo.value = thenable;
1837
- var displayName = thenable.displayName;
1838
- "string" === typeof displayName && (ioInfo.name = displayName);
1839
- }
1840
- -1 === payload._status &&
1841
- ((payload._status = 0), (payload._result = thenable));
1842
- }
1843
- if (1 === payload._status)
1844
- return (
1845
- (ioInfo = payload._result),
1846
- void 0 === ioInfo &&
1847
- console.error(
1848
- "lazy: Expected the result of a dynamic import() call. Instead received: %s\n\nYour code should look like: \n const MyComponent = lazy(() => import('./MyComponent'))\n\nDid you accidentally put curly braces around the import?",
1849
- ioInfo
1850
- ),
1851
- "default" in ioInfo ||
1852
- console.error(
1853
- "lazy: Expected the result of a dynamic import() call. Instead received: %s\n\nYour code should look like: \n const MyComponent = lazy(() => import('./MyComponent'))",
1854
- ioInfo
1855
- ),
1856
- ioInfo.default
1857
- );
1858
- throw payload._result;
1859
- }
1860
- function resolveDispatcher() {
1861
- var dispatcher = ReactSharedInternals.H;
1862
- null === dispatcher &&
1863
- console.error(
1864
- "Invalid hook call. Hooks can only be called inside of the body of a function component. This could happen for one of the following reasons:\n1. You might have mismatching versions of React and the renderer (such as React DOM)\n2. You might be breaking the Rules of Hooks\n3. You might have more than one copy of React in the same app\nSee https://react.dev/link/invalid-hook-call for tips about how to debug and fix this problem."
1865
- );
1866
- return dispatcher;
1867
- }
1868
- function releaseAsyncTransition() {
1869
- ReactSharedInternals.asyncTransitions--;
1870
- }
1871
- function enqueueTask(task) {
1872
- if (null === enqueueTaskImpl)
1873
- try {
1874
- var requireString = ("require" + Math.random()).slice(0, 7);
1875
- enqueueTaskImpl = (module && module[requireString]).call(
1876
- module,
1877
- "timers"
1878
- ).setImmediate;
1879
- } catch (_err) {
1880
- enqueueTaskImpl = function (callback) {
1881
- false === didWarnAboutMessageChannel &&
1882
- ((didWarnAboutMessageChannel = true),
1883
- "undefined" === typeof MessageChannel &&
1884
- console.error(
1885
- "This browser does not have a MessageChannel implementation, so enqueuing tasks via await act(async () => ...) will fail. Please file an issue at https://github.com/facebook/react/issues if you encounter this warning."
1886
- ));
1887
- var channel = new MessageChannel();
1888
- channel.port1.onmessage = callback;
1889
- channel.port2.postMessage(void 0);
1890
- };
1891
- }
1892
- return enqueueTaskImpl(task);
1893
- }
1894
- function aggregateErrors(errors) {
1895
- return 1 < errors.length && "function" === typeof AggregateError
1896
- ? new AggregateError(errors)
1897
- : errors[0];
1898
- }
1899
- function popActScope(prevActQueue, prevActScopeDepth) {
1900
- prevActScopeDepth !== actScopeDepth - 1 &&
1901
- console.error(
1902
- "You seem to have overlapping act() calls, this is not supported. Be sure to await previous act() calls before making a new one. "
1903
- );
1904
- actScopeDepth = prevActScopeDepth;
1905
- }
1906
- function recursivelyFlushAsyncActWork(returnValue, resolve, reject) {
1907
- var queue = ReactSharedInternals.actQueue;
1908
- if (null !== queue)
1909
- if (0 !== queue.length)
1910
- try {
1911
- flushActQueue(queue);
1912
- enqueueTask(function () {
1913
- return recursivelyFlushAsyncActWork(returnValue, resolve, reject);
1914
- });
1915
- return;
1916
- } catch (error) {
1917
- ReactSharedInternals.thrownErrors.push(error);
1918
- }
1919
- else ReactSharedInternals.actQueue = null;
1920
- 0 < ReactSharedInternals.thrownErrors.length
1921
- ? ((queue = aggregateErrors(ReactSharedInternals.thrownErrors)),
1922
- (ReactSharedInternals.thrownErrors.length = 0),
1923
- reject(queue))
1924
- : resolve(returnValue);
1925
- }
1926
- function flushActQueue(queue) {
1927
- if (!isFlushing) {
1928
- isFlushing = true;
1929
- var i = 0;
1930
- try {
1931
- for (; i < queue.length; i++) {
1932
- var callback = queue[i];
1933
- do {
1934
- ReactSharedInternals.didUsePromise = !1;
1935
- var continuation = callback(!1);
1936
- if (null !== continuation) {
1937
- if (ReactSharedInternals.didUsePromise) {
1938
- queue[i] = callback;
1939
- queue.splice(0, i);
1940
- return;
1941
- }
1942
- callback = continuation;
1943
- } else break;
1944
- } while (1);
1945
- }
1946
- queue.length = 0;
1947
- } catch (error) {
1948
- queue.splice(0, i + 1), ReactSharedInternals.thrownErrors.push(error);
1949
- } finally {
1950
- isFlushing = false;
1951
- }
1952
- }
1953
- }
1954
- "undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ &&
1955
- "function" ===
1956
- typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStart &&
1957
- __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStart(Error());
1958
- var REACT_ELEMENT_TYPE = Symbol.for("react.transitional.element"),
1959
- REACT_PORTAL_TYPE = Symbol.for("react.portal"),
1960
- REACT_FRAGMENT_TYPE = Symbol.for("react.fragment"),
1961
- REACT_STRICT_MODE_TYPE = Symbol.for("react.strict_mode"),
1962
- REACT_PROFILER_TYPE = Symbol.for("react.profiler"),
1963
- REACT_CONSUMER_TYPE = Symbol.for("react.consumer"),
1964
- REACT_CONTEXT_TYPE = Symbol.for("react.context"),
1965
- REACT_FORWARD_REF_TYPE = Symbol.for("react.forward_ref"),
1966
- REACT_SUSPENSE_TYPE = Symbol.for("react.suspense"),
1967
- REACT_SUSPENSE_LIST_TYPE = Symbol.for("react.suspense_list"),
1968
- REACT_MEMO_TYPE = Symbol.for("react.memo"),
1969
- REACT_LAZY_TYPE = Symbol.for("react.lazy"),
1970
- REACT_ACTIVITY_TYPE = Symbol.for("react.activity"),
1971
- MAYBE_ITERATOR_SYMBOL = Symbol.iterator,
1972
- didWarnStateUpdateForUnmountedComponent = {},
1973
- ReactNoopUpdateQueue = {
1974
- isMounted: function () {
1975
- return false;
1976
- },
1977
- enqueueForceUpdate: function (publicInstance) {
1978
- warnNoop(publicInstance, "forceUpdate");
1979
- },
1980
- enqueueReplaceState: function (publicInstance) {
1981
- warnNoop(publicInstance, "replaceState");
1982
- },
1983
- enqueueSetState: function (publicInstance) {
1984
- warnNoop(publicInstance, "setState");
1985
- }
1986
- },
1987
- assign = Object.assign,
1988
- emptyObject = {};
1989
- Object.freeze(emptyObject);
1990
- Component.prototype.isReactComponent = {};
1991
- Component.prototype.setState = function (partialState, callback) {
1992
- if (
1993
- "object" !== typeof partialState &&
1994
- "function" !== typeof partialState &&
1995
- null != partialState
1996
- )
1997
- throw Error(
1998
- "takes an object of state variables to update or a function which returns an object of state variables."
1999
- );
2000
- this.updater.enqueueSetState(this, partialState, callback, "setState");
2001
- };
2002
- Component.prototype.forceUpdate = function (callback) {
2003
- this.updater.enqueueForceUpdate(this, callback, "forceUpdate");
2004
- };
2005
- var deprecatedAPIs = {
2006
- isMounted: [
2007
- "isMounted",
2008
- "Instead, make sure to clean up subscriptions and pending requests in componentWillUnmount to prevent memory leaks."
2009
- ],
2010
- replaceState: [
2011
- "replaceState",
2012
- "Refactor your code to use setState instead (see https://github.com/facebook/react/issues/3236)."
2013
- ]
2014
- };
2015
- for (fnName in deprecatedAPIs)
2016
- deprecatedAPIs.hasOwnProperty(fnName) &&
2017
- defineDeprecationWarning(fnName, deprecatedAPIs[fnName]);
2018
- ComponentDummy.prototype = Component.prototype;
2019
- deprecatedAPIs = PureComponent.prototype = new ComponentDummy();
2020
- deprecatedAPIs.constructor = PureComponent;
2021
- assign(deprecatedAPIs, Component.prototype);
2022
- deprecatedAPIs.isPureReactComponent = true;
2023
- var isArrayImpl = Array.isArray,
2024
- REACT_CLIENT_REFERENCE = Symbol.for("react.client.reference"),
2025
- ReactSharedInternals = {
2026
- H: null,
2027
- A: null,
2028
- T: null,
2029
- S: null,
2030
- actQueue: null,
2031
- asyncTransitions: 0,
2032
- isBatchingLegacy: false,
2033
- didScheduleLegacyUpdate: false,
2034
- didUsePromise: false,
2035
- thrownErrors: [],
2036
- getCurrentStack: null,
2037
- recentlyCreatedOwnerStacks: 0
2038
- },
2039
- hasOwnProperty = Object.prototype.hasOwnProperty,
2040
- createTask = console.createTask
2041
- ? console.createTask
2042
- : function () {
2043
- return null;
2044
- };
2045
- deprecatedAPIs = {
2046
- react_stack_bottom_frame: function (callStackForError) {
2047
- return callStackForError();
2048
- }
2049
- };
2050
- var specialPropKeyWarningShown, didWarnAboutOldJSXRuntime;
2051
- var didWarnAboutElementRef = {};
2052
- var unknownOwnerDebugStack = deprecatedAPIs.react_stack_bottom_frame.bind(
2053
- deprecatedAPIs,
2054
- UnknownOwner
2055
- )();
2056
- var unknownOwnerDebugTask = createTask(getTaskName(UnknownOwner));
2057
- var didWarnAboutMaps = false,
2058
- userProvidedKeyEscapeRegex = /\/+/g,
2059
- reportGlobalError =
2060
- "function" === typeof reportError
2061
- ? reportError
2062
- : function (error) {
2063
- if (
2064
- "object" === typeof window &&
2065
- "function" === typeof window.ErrorEvent
2066
- ) {
2067
- var event = new window.ErrorEvent("error", {
2068
- bubbles: true,
2069
- cancelable: true,
2070
- message:
2071
- "object" === typeof error &&
2072
- null !== error &&
2073
- "string" === typeof error.message
2074
- ? String(error.message)
2075
- : String(error),
2076
- error: error
2077
- });
2078
- if (!window.dispatchEvent(event)) return;
2079
- } else if (
2080
- "object" === typeof process &&
2081
- "function" === typeof process.emit
2082
- ) {
2083
- process.emit("uncaughtException", error);
2084
- return;
2085
- }
2086
- console.error(error);
2087
- },
2088
- didWarnAboutMessageChannel = false,
2089
- enqueueTaskImpl = null,
2090
- actScopeDepth = 0,
2091
- didWarnNoAwaitAct = false,
2092
- isFlushing = false,
2093
- queueSeveralMicrotasks =
2094
- "function" === typeof queueMicrotask
2095
- ? function (callback) {
2096
- queueMicrotask(function () {
2097
- return queueMicrotask(callback);
2098
- });
2099
- }
2100
- : enqueueTask;
2101
- deprecatedAPIs = Object.freeze({
2102
- __proto__: null,
2103
- c: function (size) {
2104
- return resolveDispatcher().useMemoCache(size);
2105
- }
2106
- });
2107
- var fnName = {
2108
- map: mapChildren,
2109
- forEach: function (children, forEachFunc, forEachContext) {
2110
- mapChildren(
2111
- children,
2112
- function () {
2113
- forEachFunc.apply(this, arguments);
2114
- },
2115
- forEachContext
2116
- );
2117
- },
2118
- count: function (children) {
2119
- var n = 0;
2120
- mapChildren(children, function () {
2121
- n++;
2122
- });
2123
- return n;
2124
- },
2125
- toArray: function (children) {
2126
- return (
2127
- mapChildren(children, function (child) {
2128
- return child;
2129
- }) || []
2130
- );
2131
- },
2132
- only: function (children) {
2133
- if (!isValidElement(children))
2134
- throw Error(
2135
- "React.Children.only expected to receive a single React element child."
2136
- );
2137
- return children;
2138
- }
2139
- };
2140
- exports.Activity = REACT_ACTIVITY_TYPE;
2141
- exports.Children = fnName;
2142
- exports.Component = Component;
2143
- exports.Fragment = REACT_FRAGMENT_TYPE;
2144
- exports.Profiler = REACT_PROFILER_TYPE;
2145
- exports.PureComponent = PureComponent;
2146
- exports.StrictMode = REACT_STRICT_MODE_TYPE;
2147
- exports.Suspense = REACT_SUSPENSE_TYPE;
2148
- exports.__CLIENT_INTERNALS_DO_NOT_USE_OR_WARN_USERS_THEY_CANNOT_UPGRADE =
2149
- ReactSharedInternals;
2150
- exports.__COMPILER_RUNTIME = deprecatedAPIs;
2151
- exports.act = function (callback) {
2152
- var prevActQueue = ReactSharedInternals.actQueue,
2153
- prevActScopeDepth = actScopeDepth;
2154
- actScopeDepth++;
2155
- var queue = (ReactSharedInternals.actQueue =
2156
- null !== prevActQueue ? prevActQueue : []),
2157
- didAwaitActCall = false;
2158
- try {
2159
- var result = callback();
2160
- } catch (error) {
2161
- ReactSharedInternals.thrownErrors.push(error);
2162
- }
2163
- if (0 < ReactSharedInternals.thrownErrors.length)
2164
- throw (
2165
- (popActScope(prevActQueue, prevActScopeDepth),
2166
- (callback = aggregateErrors(ReactSharedInternals.thrownErrors)),
2167
- (ReactSharedInternals.thrownErrors.length = 0),
2168
- callback)
2169
- );
2170
- if (
2171
- null !== result &&
2172
- "object" === typeof result &&
2173
- "function" === typeof result.then
2174
- ) {
2175
- var thenable = result;
2176
- queueSeveralMicrotasks(function () {
2177
- didAwaitActCall ||
2178
- didWarnNoAwaitAct ||
2179
- ((didWarnNoAwaitAct = true),
2180
- console.error(
2181
- "You called act(async () => ...) without await. This could lead to unexpected testing behaviour, interleaving multiple act calls and mixing their scopes. You should - await act(async () => ...);"
2182
- ));
2183
- });
2184
- return {
2185
- then: function (resolve, reject) {
2186
- didAwaitActCall = true;
2187
- thenable.then(
2188
- function (returnValue) {
2189
- popActScope(prevActQueue, prevActScopeDepth);
2190
- if (0 === prevActScopeDepth) {
2191
- try {
2192
- flushActQueue(queue),
2193
- enqueueTask(function () {
2194
- return recursivelyFlushAsyncActWork(
2195
- returnValue,
2196
- resolve,
2197
- reject
2198
- );
2199
- });
2200
- } catch (error$0) {
2201
- ReactSharedInternals.thrownErrors.push(error$0);
2202
- }
2203
- if (0 < ReactSharedInternals.thrownErrors.length) {
2204
- var _thrownError = aggregateErrors(
2205
- ReactSharedInternals.thrownErrors
2206
- );
2207
- ReactSharedInternals.thrownErrors.length = 0;
2208
- reject(_thrownError);
2209
- }
2210
- } else resolve(returnValue);
2211
- },
2212
- function (error) {
2213
- popActScope(prevActQueue, prevActScopeDepth);
2214
- 0 < ReactSharedInternals.thrownErrors.length
2215
- ? ((error = aggregateErrors(
2216
- ReactSharedInternals.thrownErrors
2217
- )),
2218
- (ReactSharedInternals.thrownErrors.length = 0),
2219
- reject(error))
2220
- : reject(error);
2221
- }
2222
- );
2223
- }
2224
- };
2225
- }
2226
- var returnValue$jscomp$0 = result;
2227
- popActScope(prevActQueue, prevActScopeDepth);
2228
- 0 === prevActScopeDepth &&
2229
- (flushActQueue(queue),
2230
- 0 !== queue.length &&
2231
- queueSeveralMicrotasks(function () {
2232
- didAwaitActCall ||
2233
- didWarnNoAwaitAct ||
2234
- ((didWarnNoAwaitAct = true),
2235
- console.error(
2236
- "A component suspended inside an `act` scope, but the `act` call was not awaited. When testing React components that depend on asynchronous data, you must await the result:\n\nawait act(() => ...)"
2237
- ));
2238
- }),
2239
- (ReactSharedInternals.actQueue = null));
2240
- if (0 < ReactSharedInternals.thrownErrors.length)
2241
- throw (
2242
- ((callback = aggregateErrors(ReactSharedInternals.thrownErrors)),
2243
- (ReactSharedInternals.thrownErrors.length = 0),
2244
- callback)
2245
- );
2246
- return {
2247
- then: function (resolve, reject) {
2248
- didAwaitActCall = true;
2249
- 0 === prevActScopeDepth
2250
- ? ((ReactSharedInternals.actQueue = queue),
2251
- enqueueTask(function () {
2252
- return recursivelyFlushAsyncActWork(
2253
- returnValue$jscomp$0,
2254
- resolve,
2255
- reject
2256
- );
2257
- }))
2258
- : resolve(returnValue$jscomp$0);
2259
- }
2260
- };
2261
- };
2262
- exports.cache = function (fn) {
2263
- return function () {
2264
- return fn.apply(null, arguments);
2265
- };
2266
- };
2267
- exports.cacheSignal = function () {
2268
- return null;
2269
- };
2270
- exports.captureOwnerStack = function () {
2271
- var getCurrentStack = ReactSharedInternals.getCurrentStack;
2272
- return null === getCurrentStack ? null : getCurrentStack();
2273
- };
2274
- exports.cloneElement = function (element, config, children) {
2275
- if (null === element || void 0 === element)
2276
- throw Error(
2277
- "The argument must be a React element, but you passed " +
2278
- element +
2279
- "."
2280
- );
2281
- var props = assign({}, element.props),
2282
- key = element.key,
2283
- owner = element._owner;
2284
- if (null != config) {
2285
- var JSCompiler_inline_result;
2286
- a: {
2287
- if (
2288
- hasOwnProperty.call(config, "ref") &&
2289
- (JSCompiler_inline_result = Object.getOwnPropertyDescriptor(
2290
- config,
2291
- "ref"
2292
- ).get) &&
2293
- JSCompiler_inline_result.isReactWarning
2294
- ) {
2295
- JSCompiler_inline_result = false;
2296
- break a;
2297
- }
2298
- JSCompiler_inline_result = void 0 !== config.ref;
2299
- }
2300
- JSCompiler_inline_result && (owner = getOwner());
2301
- hasValidKey(config) &&
2302
- (checkKeyStringCoercion(config.key), (key = "" + config.key));
2303
- for (propName in config)
2304
- !hasOwnProperty.call(config, propName) ||
2305
- "key" === propName ||
2306
- "__self" === propName ||
2307
- "__source" === propName ||
2308
- ("ref" === propName && void 0 === config.ref) ||
2309
- (props[propName] = config[propName]);
2310
- }
2311
- var propName = arguments.length - 2;
2312
- if (1 === propName) props.children = children;
2313
- else if (1 < propName) {
2314
- JSCompiler_inline_result = Array(propName);
2315
- for (var i = 0; i < propName; i++)
2316
- JSCompiler_inline_result[i] = arguments[i + 2];
2317
- props.children = JSCompiler_inline_result;
2318
- }
2319
- props = ReactElement(
2320
- element.type,
2321
- key,
2322
- props,
2323
- owner,
2324
- element._debugStack,
2325
- element._debugTask
2326
- );
2327
- for (key = 2; key < arguments.length; key++)
2328
- validateChildKeys(arguments[key]);
2329
- return props;
2330
- };
2331
- exports.createContext = function (defaultValue) {
2332
- defaultValue = {
2333
- $$typeof: REACT_CONTEXT_TYPE,
2334
- _currentValue: defaultValue,
2335
- _currentValue2: defaultValue,
2336
- _threadCount: 0,
2337
- Provider: null,
2338
- Consumer: null
2339
- };
2340
- defaultValue.Provider = defaultValue;
2341
- defaultValue.Consumer = {
2342
- $$typeof: REACT_CONSUMER_TYPE,
2343
- _context: defaultValue
2344
- };
2345
- defaultValue._currentRenderer = null;
2346
- defaultValue._currentRenderer2 = null;
2347
- return defaultValue;
2348
- };
2349
- exports.createElement = function (type, config, children) {
2350
- for (var i = 2; i < arguments.length; i++)
2351
- validateChildKeys(arguments[i]);
2352
- i = {};
2353
- var key = null;
2354
- if (null != config)
2355
- for (propName in (didWarnAboutOldJSXRuntime ||
2356
- !("__self" in config) ||
2357
- "key" in config ||
2358
- ((didWarnAboutOldJSXRuntime = true),
2359
- console.warn(
2360
- "Your app (or one of its dependencies) is using an outdated JSX transform. Update to the modern JSX transform for faster performance: https://react.dev/link/new-jsx-transform"
2361
- )),
2362
- hasValidKey(config) &&
2363
- (checkKeyStringCoercion(config.key), (key = "" + config.key)),
2364
- config))
2365
- hasOwnProperty.call(config, propName) &&
2366
- "key" !== propName &&
2367
- "__self" !== propName &&
2368
- "__source" !== propName &&
2369
- (i[propName] = config[propName]);
2370
- var childrenLength = arguments.length - 2;
2371
- if (1 === childrenLength) i.children = children;
2372
- else if (1 < childrenLength) {
2373
- for (
2374
- var childArray = Array(childrenLength), _i = 0;
2375
- _i < childrenLength;
2376
- _i++
2377
- )
2378
- childArray[_i] = arguments[_i + 2];
2379
- Object.freeze && Object.freeze(childArray);
2380
- i.children = childArray;
2381
- }
2382
- if (type && type.defaultProps)
2383
- for (propName in ((childrenLength = type.defaultProps), childrenLength))
2384
- void 0 === i[propName] && (i[propName] = childrenLength[propName]);
2385
- key &&
2386
- defineKeyPropWarningGetter(
2387
- i,
2388
- "function" === typeof type
2389
- ? type.displayName || type.name || "Unknown"
2390
- : type
2391
- );
2392
- var propName = 1e4 > ReactSharedInternals.recentlyCreatedOwnerStacks++;
2393
- return ReactElement(
2394
- type,
2395
- key,
2396
- i,
2397
- getOwner(),
2398
- propName ? Error("react-stack-top-frame") : unknownOwnerDebugStack,
2399
- propName ? createTask(getTaskName(type)) : unknownOwnerDebugTask
2400
- );
2401
- };
2402
- exports.createRef = function () {
2403
- var refObject = { current: null };
2404
- Object.seal(refObject);
2405
- return refObject;
2406
- };
2407
- exports.forwardRef = function (render) {
2408
- null != render && render.$$typeof === REACT_MEMO_TYPE
2409
- ? console.error(
2410
- "forwardRef requires a render function but received a `memo` component. Instead of forwardRef(memo(...)), use memo(forwardRef(...))."
2411
- )
2412
- : "function" !== typeof render
2413
- ? console.error(
2414
- "forwardRef requires a render function but was given %s.",
2415
- null === render ? "null" : typeof render
2416
- )
2417
- : 0 !== render.length &&
2418
- 2 !== render.length &&
2419
- console.error(
2420
- "forwardRef render functions accept exactly two parameters: props and ref. %s",
2421
- 1 === render.length
2422
- ? "Did you forget to use the ref parameter?"
2423
- : "Any additional parameter will be undefined."
2424
- );
2425
- null != render &&
2426
- null != render.defaultProps &&
2427
- console.error(
2428
- "forwardRef render functions do not support defaultProps. Did you accidentally pass a React component?"
2429
- );
2430
- var elementType = { $$typeof: REACT_FORWARD_REF_TYPE, render: render },
2431
- ownName;
2432
- Object.defineProperty(elementType, "displayName", {
2433
- enumerable: false,
2434
- configurable: true,
2435
- get: function () {
2436
- return ownName;
2437
- },
2438
- set: function (name) {
2439
- ownName = name;
2440
- render.name ||
2441
- render.displayName ||
2442
- (Object.defineProperty(render, "name", { value: name }),
2443
- (render.displayName = name));
2444
- }
2445
- });
2446
- return elementType;
2447
- };
2448
- exports.isValidElement = isValidElement;
2449
- exports.lazy = function (ctor) {
2450
- ctor = { _status: -1, _result: ctor };
2451
- var lazyType = {
2452
- $$typeof: REACT_LAZY_TYPE,
2453
- _payload: ctor,
2454
- _init: lazyInitializer
2455
- },
2456
- ioInfo = {
2457
- name: "lazy",
2458
- start: -1,
2459
- end: -1,
2460
- value: null,
2461
- owner: null,
2462
- debugStack: Error("react-stack-top-frame"),
2463
- debugTask: console.createTask ? console.createTask("lazy()") : null
2464
- };
2465
- ctor._ioInfo = ioInfo;
2466
- lazyType._debugInfo = [{ awaited: ioInfo }];
2467
- return lazyType;
2468
- };
2469
- exports.memo = function (type, compare) {
2470
- null == type &&
2471
- console.error(
2472
- "memo: The first argument must be a component. Instead received: %s",
2473
- null === type ? "null" : typeof type
2474
- );
2475
- compare = {
2476
- $$typeof: REACT_MEMO_TYPE,
2477
- type: type,
2478
- compare: void 0 === compare ? null : compare
2479
- };
2480
- var ownName;
2481
- Object.defineProperty(compare, "displayName", {
2482
- enumerable: false,
2483
- configurable: true,
2484
- get: function () {
2485
- return ownName;
2486
- },
2487
- set: function (name) {
2488
- ownName = name;
2489
- type.name ||
2490
- type.displayName ||
2491
- (Object.defineProperty(type, "name", { value: name }),
2492
- (type.displayName = name));
2493
- }
2494
- });
2495
- return compare;
2496
- };
2497
- exports.startTransition = function (scope) {
2498
- var prevTransition = ReactSharedInternals.T,
2499
- currentTransition = {};
2500
- currentTransition._updatedFibers = new Set();
2501
- ReactSharedInternals.T = currentTransition;
2502
- try {
2503
- var returnValue = scope(),
2504
- onStartTransitionFinish = ReactSharedInternals.S;
2505
- null !== onStartTransitionFinish &&
2506
- onStartTransitionFinish(currentTransition, returnValue);
2507
- "object" === typeof returnValue &&
2508
- null !== returnValue &&
2509
- "function" === typeof returnValue.then &&
2510
- (ReactSharedInternals.asyncTransitions++,
2511
- returnValue.then(releaseAsyncTransition, releaseAsyncTransition),
2512
- returnValue.then(noop, reportGlobalError));
2513
- } catch (error) {
2514
- reportGlobalError(error);
2515
- } finally {
2516
- null === prevTransition &&
2517
- currentTransition._updatedFibers &&
2518
- ((scope = currentTransition._updatedFibers.size),
2519
- currentTransition._updatedFibers.clear(),
2520
- 10 < scope &&
2521
- console.warn(
2522
- "Detected a large number of updates inside startTransition. If this is due to a subscription please re-write it to use React provided hooks. Otherwise concurrent mode guarantees are off the table."
2523
- )),
2524
- null !== prevTransition &&
2525
- null !== currentTransition.types &&
2526
- (null !== prevTransition.types &&
2527
- prevTransition.types !== currentTransition.types &&
2528
- console.error(
2529
- "We expected inner Transitions to have transferred the outer types set and that you cannot add to the outer Transition while inside the inner.This is a bug in React."
2530
- ),
2531
- (prevTransition.types = currentTransition.types)),
2532
- (ReactSharedInternals.T = prevTransition);
2533
- }
2534
- };
2535
- exports.unstable_useCacheRefresh = function () {
2536
- return resolveDispatcher().useCacheRefresh();
2537
- };
2538
- exports.use = function (usable) {
2539
- return resolveDispatcher().use(usable);
2540
- };
2541
- exports.useActionState = function (action, initialState, permalink) {
2542
- return resolveDispatcher().useActionState(
2543
- action,
2544
- initialState,
2545
- permalink
2546
- );
2547
- };
2548
- exports.useCallback = function (callback, deps) {
2549
- return resolveDispatcher().useCallback(callback, deps);
2550
- };
2551
- exports.useContext = function (Context) {
2552
- var dispatcher = resolveDispatcher();
2553
- Context.$$typeof === REACT_CONSUMER_TYPE &&
2554
- console.error(
2555
- "Calling useContext(Context.Consumer) is not supported and will cause bugs. Did you mean to call useContext(Context) instead?"
2556
- );
2557
- return dispatcher.useContext(Context);
2558
- };
2559
- exports.useDebugValue = function (value, formatterFn) {
2560
- return resolveDispatcher().useDebugValue(value, formatterFn);
2561
- };
2562
- exports.useDeferredValue = function (value, initialValue) {
2563
- return resolveDispatcher().useDeferredValue(value, initialValue);
2564
- };
2565
- exports.useEffect = function (create, deps) {
2566
- null == create &&
2567
- console.warn(
2568
- "React Hook useEffect requires an effect callback. Did you forget to pass a callback to the hook?"
2569
- );
2570
- return resolveDispatcher().useEffect(create, deps);
2571
- };
2572
- exports.useEffectEvent = function (callback) {
2573
- return resolveDispatcher().useEffectEvent(callback);
2574
- };
2575
- exports.useId = function () {
2576
- return resolveDispatcher().useId();
2577
- };
2578
- exports.useImperativeHandle = function (ref, create, deps) {
2579
- return resolveDispatcher().useImperativeHandle(ref, create, deps);
2580
- };
2581
- exports.useInsertionEffect = function (create, deps) {
2582
- null == create &&
2583
- console.warn(
2584
- "React Hook useInsertionEffect requires an effect callback. Did you forget to pass a callback to the hook?"
2585
- );
2586
- return resolveDispatcher().useInsertionEffect(create, deps);
2587
- };
2588
- exports.useLayoutEffect = function (create, deps) {
2589
- null == create &&
2590
- console.warn(
2591
- "React Hook useLayoutEffect requires an effect callback. Did you forget to pass a callback to the hook?"
2592
- );
2593
- return resolveDispatcher().useLayoutEffect(create, deps);
2594
- };
2595
- exports.useMemo = function (create, deps) {
2596
- return resolveDispatcher().useMemo(create, deps);
2597
- };
2598
- exports.useOptimistic = function (passthrough, reducer) {
2599
- return resolveDispatcher().useOptimistic(passthrough, reducer);
2600
- };
2601
- exports.useReducer = function (reducer, initialArg, init) {
2602
- return resolveDispatcher().useReducer(reducer, initialArg, init);
2603
- };
2604
- exports.useRef = function (initialValue) {
2605
- return resolveDispatcher().useRef(initialValue);
2606
- };
2607
- exports.useState = function (initialState) {
2608
- return resolveDispatcher().useState(initialState);
2609
- };
2610
- exports.useSyncExternalStore = function (
2611
- subscribe,
2612
- getSnapshot,
2613
- getServerSnapshot
2614
- ) {
2615
- return resolveDispatcher().useSyncExternalStore(
2616
- subscribe,
2617
- getSnapshot,
2618
- getServerSnapshot
2619
- );
2620
- };
2621
- exports.useTransition = function () {
2622
- return resolveDispatcher().useTransition();
2623
- };
2624
- exports.version = "19.2.0";
2625
- "undefined" !== typeof __REACT_DEVTOOLS_GLOBAL_HOOK__ &&
2626
- "function" ===
2627
- typeof __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStop &&
2628
- __REACT_DEVTOOLS_GLOBAL_HOOK__.registerInternalModuleStop(Error());
2629
- })();
2630
- } (react_development, react_development.exports));
2631
- return react_development.exports;
2632
- }
2633
-
2634
- var hasRequiredReact;
2635
-
2636
- function requireReact () {
2637
- if (hasRequiredReact) return react.exports;
2638
- hasRequiredReact = 1;
2639
-
2640
- if (process.env.NODE_ENV === 'production') {
2641
- react.exports = requireReact_production();
2642
- } else {
2643
- react.exports = requireReact_development();
2644
- }
2645
- return react.exports;
2646
- }
2647
-
2648
- var reactExports = requireReact();
2649
-
2650
- /**
2651
- * React Hook: handles <input type="file" onChange> with validation + scanning.
2652
- */
2653
- function useFileScanner() {
2654
- const [results, setResults] = reactExports.useState([]);
2655
- const [errors, setErrors] = reactExports.useState([]);
2656
- const onChange = reactExports.useCallback(async (e) => {
2657
- const fileList = Array.from(e.target.files || []);
2658
- const good = [];
2659
- const bad = [];
2660
- for (const file of fileList) {
2661
- const { valid, error } = validateFile(file);
2662
- if (valid)
2663
- good.push(file);
2664
- else
2665
- bad.push({ file, error: error });
2666
- }
2667
- setErrors(bad);
2668
- if (good.length) {
2669
- const scanned = await scanFiles(good);
2670
- setResults(scanned.map((r, i) => ({ file: good[i], report: r })));
2671
- }
2672
- else {
2673
- setResults([]);
2674
- }
2675
- }, []);
2676
- return { results, errors, onChange };
2677
- }
2678
-
2679
825
  async function createRemoteEngine(opts) {
2680
826
  const { endpoint, headers = {}, rulesField = 'rules', fileField = 'file', mode = 'multipart', rulesAsBase64 = false, } = opts;
2681
827
  const engine = {
@@ -2764,548 +910,121 @@ async function scanFilesWithRemoteYara(files, rulesSource, remote) {
2764
910
  return results;
2765
911
  }
2766
912
 
2767
- /** Decompilation-specific types for Pompelmi */
2768
- const SUSPICIOUS_PATTERNS = [
2769
- {
2770
- name: 'syscall_direct',
2771
- description: 'Direct system call without library wrapper',
2772
- severity: 'medium',
2773
- pattern: /syscall|sysenter|int\s+0x80/i
2774
- },
2775
- {
2776
- name: 'process_injection',
2777
- description: 'Process injection techniques',
2778
- severity: 'high',
2779
- pattern: /CreateRemoteThread|WriteProcessMemory|VirtualAllocEx/i
2780
- },
2781
- {
2782
- name: 'anti_debug',
2783
- description: 'Anti-debugging techniques',
2784
- severity: 'medium',
2785
- pattern: /IsDebuggerPresent|CheckRemoteDebuggerPresent|OutputDebugString/i
2786
- },
2787
- {
2788
- name: 'obfuscation_xor',
2789
- description: 'XOR-based obfuscation pattern',
2790
- severity: 'medium',
2791
- pattern: /xor.*0x[0-9a-f]+.*xor/i
2792
- },
2793
- {
2794
- name: 'crypto_constants',
2795
- description: 'Cryptographic constants',
2796
- severity: 'low',
2797
- pattern: /0x67452301|0xefcdab89|0x98badcfe|0x10325476/i
2798
- }
2799
- ];
2800
-
2801
- /**
2802
- * HIPAA Compliance Module for Pompelmi
2803
- *
2804
- * This module provides comprehensive HIPAA compliance features for healthcare environments
2805
- * where Pompelmi is used to analyze potentially compromised systems containing PHI.
2806
- *
2807
- * Key protections:
2808
- * - Data sanitization and redaction
2809
- * - Secure temporary file handling
2810
- * - Audit logging
2811
- * - Memory protection
2812
- * - Error message sanitization
2813
- */
2814
- class HipaaComplianceManager {
2815
- constructor(config) {
2816
- this.auditEvents = [];
2817
- this.config = {
2818
- sanitizeErrors: true,
2819
- sanitizeFilenames: true,
2820
- encryptTempFiles: true,
2821
- memoryProtection: true,
2822
- requireSecureTransport: true,
2823
- ...config,
2824
- enabled: config.enabled !== undefined ? config.enabled : true
2825
- };
2826
- this.sessionId = this.generateSessionId();
2827
- }
2828
- /**
2829
- * Sanitize filename to prevent PHI leakage in logs
2830
- */
2831
- sanitizeFilename(filename) {
2832
- if (!this.config.enabled || !this.config.sanitizeFilenames || !filename) {
2833
- return filename || 'unknown';
2834
- }
2835
- // Remove potentially sensitive path information
2836
- const basename = path.basename(filename);
2837
- // Hash the filename to create a consistent but non-revealing identifier
2838
- const hash = crypto.createHash('sha256').update(basename).digest('hex').substring(0, 8);
2839
- // Preserve file extension for analysis purposes
2840
- const ext = path.extname(basename);
2841
- return `file_${hash}${ext}`;
2842
- }
2843
- /**
2844
- * Sanitize error messages to prevent PHI exposure
2845
- */
2846
- sanitizeError(error) {
2847
- if (!this.config.enabled || !this.config.sanitizeErrors) {
2848
- return typeof error === 'string' ? error : error.message;
2849
- }
2850
- const message = typeof error === 'string' ? error : error.message;
2851
- // Remove common patterns that might contain PHI
2852
- let sanitized = message
2853
- // Remove file paths
2854
- .replace(/[A-Za-z]:\\\\[^\\s]+/g, '[REDACTED_PATH]')
2855
- .replace(/\/[^\\s]+/g, '[REDACTED_PATH]')
2856
- // Remove potential patient identifiers (numbers that could be MRNs, SSNs)
2857
- .replace(/\\b\\d{3}-?\\d{2}-?\\d{4}\\b/g, '[REDACTED_ID]')
2858
- .replace(/\\b\\d{6,}\\b/g, '[REDACTED_ID]')
2859
- // Remove email addresses
2860
- .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[REDACTED_EMAIL]')
2861
- // Remove potential names (capitalize words in error messages)
2862
- .replace(/\\b[A-Z][a-z]+\\s+[A-Z][a-z]+\\b/g, '[REDACTED_NAME]')
2863
- // Remove IP addresses
2864
- .replace(/\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b/g, '[REDACTED_IP]');
2865
- return sanitized;
2866
- }
2867
- /**
2868
- * Create secure temporary file path with encryption if enabled
2869
- */
2870
- createSecureTempPath(prefix = 'pompelmi') {
2871
- if (!this.config.enabled) {
2872
- return path.join(os.tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
2873
- }
2874
- // Use cryptographically secure random names
2875
- const randomId = crypto.randomBytes(16).toString('hex');
2876
- const timestamp = Date.now();
2877
- // Create path in secure temp directory
2878
- const secureTempDir = this.getSecureTempDir();
2879
- const tempPath = path.join(secureTempDir, `${prefix}-${timestamp}-${randomId}`);
2880
- this.auditLog('temp_file_created', {
2881
- action: 'create_temp_file',
2882
- success: true,
2883
- metadata: { path: this.sanitizeFilename(tempPath) }
2884
- });
2885
- return tempPath;
2886
- }
2887
- /**
2888
- * Get or create secure temporary directory with restricted permissions
2889
- */
2890
- getSecureTempDir() {
2891
- const secureTempPath = path.join(os.tmpdir(), 'pompelmi-secure');
2892
- try {
2893
- const fs = require('fs');
2894
- if (!fs.existsSync(secureTempPath)) {
2895
- fs.mkdirSync(secureTempPath, { mode: 0o700 }); // Owner read/write/execute only
2896
- }
2897
- }
2898
- catch (error) {
2899
- // Fallback to system temp
2900
- return os.tmpdir();
2901
- }
2902
- return secureTempPath;
2903
- }
2904
- /**
2905
- * Secure file cleanup with multiple overwrite passes
2906
- */
2907
- async secureFileCleanup(filePath) {
2908
- if (!this.config.enabled) {
2909
- try {
2910
- const fs = await import('fs/promises');
2911
- await fs.unlink(filePath);
913
+ const SIG_CEN = 0x02014b50;
914
+ const DEFAULTS = {
915
+ maxEntries: 1000,
916
+ maxTotalUncompressedBytes: 500 * 1024 * 1024,
917
+ maxEntryNameLength: 255,
918
+ maxCompressionRatio: 1000,
919
+ eocdSearchWindow: 70000,
920
+ };
921
+ function r16(buf, off) {
922
+ return buf.readUInt16LE(off);
923
+ }
924
+ function r32(buf, off) {
925
+ return buf.readUInt32LE(off);
926
+ }
927
+ function isZipLike(buf) {
928
+ // local file header at start is common
929
+ return buf.length >= 4 && buf[0] === 0x50 && buf[1] === 0x4b && buf[2] === 0x03 && buf[3] === 0x04;
930
+ }
931
+ function lastIndexOfEOCD(buf, window) {
932
+ const sig = Buffer.from([0x50, 0x4b, 0x05, 0x06]);
933
+ const start = Math.max(0, buf.length - window);
934
+ const idx = buf.lastIndexOf(sig, Math.min(buf.length - sig.length, buf.length - 1));
935
+ return idx >= start ? idx : -1;
936
+ }
937
+ function hasTraversal(name) {
938
+ return name.includes('../') || name.includes('..\\') || name.startsWith('/') || /^[A-Za-z]:/.test(name);
939
+ }
940
+ function createZipBombGuard(opts = {}) {
941
+ const cfg = { ...DEFAULTS, ...opts };
942
+ return {
943
+ async scan(input) {
944
+ const buf = Buffer.from(input);
945
+ const matches = [];
946
+ if (!isZipLike(buf))
947
+ return matches;
948
+ // Find EOCD near the end
949
+ const eocdPos = lastIndexOfEOCD(buf, cfg.eocdSearchWindow);
950
+ if (eocdPos < 0 || eocdPos + 22 > buf.length) {
951
+ // ZIP but no EOCD malformed or polyglot suspicious
952
+ matches.push({ rule: 'zip_eocd_not_found', severity: 'medium' });
953
+ return matches;
2912
954
  }
2913
- catch {
2914
- // Ignore cleanup errors
955
+ const totalEntries = r16(buf, eocdPos + 10);
956
+ const cdSize = r32(buf, eocdPos + 12);
957
+ const cdOffset = r32(buf, eocdPos + 16);
958
+ // Bounds check
959
+ if (cdOffset + cdSize > buf.length) {
960
+ matches.push({ rule: 'zip_cd_out_of_bounds', severity: 'medium' });
961
+ return matches;
2915
962
  }
2916
- return;
2917
- }
2918
- try {
2919
- const fs = await import('fs/promises');
2920
- const stats = await fs.stat(filePath);
2921
- if (this.config.memoryProtection) {
2922
- // Overwrite file with random data multiple times (DoD 5220.22-M standard)
2923
- const fileSize = stats.size;
2924
- const buffer = crypto.randomBytes(Math.min(fileSize, 64 * 1024)); // 64KB chunks
2925
- for (let pass = 0; pass < 3; pass++) {
2926
- const handle = await fs.open(filePath, 'r+');
2927
- try {
2928
- for (let offset = 0; offset < fileSize; offset += buffer.length) {
2929
- const chunk = offset + buffer.length > fileSize
2930
- ? buffer.subarray(0, fileSize - offset)
2931
- : buffer;
2932
- await handle.write(chunk, 0, chunk.length, offset);
2933
- }
2934
- await handle.sync();
2935
- }
2936
- finally {
2937
- await handle.close();
2938
- }
963
+ // Iterate central directory entries
964
+ let ptr = cdOffset;
965
+ let seen = 0;
966
+ let sumComp = 0;
967
+ let sumUnc = 0;
968
+ while (ptr + 46 <= cdOffset + cdSize && seen < totalEntries) {
969
+ const sig = r32(buf, ptr);
970
+ if (sig !== SIG_CEN)
971
+ break; // stop if structure breaks
972
+ const compSize = r32(buf, ptr + 20);
973
+ const uncSize = r32(buf, ptr + 24);
974
+ const fnLen = r16(buf, ptr + 28);
975
+ const exLen = r16(buf, ptr + 30);
976
+ const cmLen = r16(buf, ptr + 32);
977
+ const nameStart = ptr + 46;
978
+ const nameEnd = nameStart + fnLen;
979
+ if (nameEnd > buf.length)
980
+ break;
981
+ const name = buf.toString('utf8', nameStart, nameEnd);
982
+ sumComp += compSize;
983
+ sumUnc += uncSize;
984
+ seen++;
985
+ if (name.length > cfg.maxEntryNameLength) {
986
+ matches.push({ rule: 'zip_entry_name_too_long', severity: 'medium', meta: { name, length: name.length } });
2939
987
  }
2940
- }
2941
- // Final deletion
2942
- await fs.unlink(filePath);
2943
- this.auditLog('temp_file_deleted', {
2944
- action: 'secure_delete',
2945
- success: true,
2946
- metadata: {
2947
- path: this.sanitizeFilename(filePath),
2948
- overwritePasses: this.config.memoryProtection ? 3 : 0
988
+ if (hasTraversal(name)) {
989
+ matches.push({ rule: 'zip_path_traversal_entry', severity: 'medium', meta: { name } });
2949
990
  }
2950
- });
2951
- }
2952
- catch (error) {
2953
- this.auditLog('temp_file_deleted', {
2954
- action: 'secure_delete',
2955
- success: false,
2956
- sanitizedError: this.sanitizeError(error),
2957
- metadata: { path: this.sanitizeFilename(filePath) }
2958
- });
2959
- }
2960
- }
2961
- /**
2962
- * Calculate secure file hash for audit purposes
2963
- */
2964
- calculateFileHash(data) {
2965
- return crypto.createHash('sha256').update(data).digest('hex');
2966
- }
2967
- /**
2968
- * Log audit event
2969
- */
2970
- auditLog(eventType, details) {
2971
- if (!this.config.enabled)
2972
- return;
2973
- const event = {
2974
- timestamp: new Date().toISOString(),
2975
- eventType,
2976
- sessionId: this.sessionId,
2977
- details: {
2978
- action: details.action || 'unknown',
2979
- success: details.success ?? true,
2980
- ...details
991
+ // move to next entry
992
+ ptr = nameEnd + exLen + cmLen;
2981
993
  }
2982
- };
2983
- this.auditEvents.push(event);
2984
- // Write to audit log file if configured
2985
- if (this.config.auditLogPath) {
2986
- this.writeAuditLog(event).catch(() => {
2987
- // Silent failure to prevent error loops
2988
- });
2989
- }
2990
- }
2991
- /**
2992
- * Write audit event to file
2993
- */
2994
- async writeAuditLog(event) {
2995
- if (!this.config.auditLogPath)
2996
- return;
2997
- try {
2998
- const fs = await import('fs/promises');
2999
- const logLine = JSON.stringify(event) + '\\n';
3000
- await fs.appendFile(this.config.auditLogPath, logLine, { flag: 'a' });
3001
- }
3002
- catch {
3003
- // Silent failure
3004
- }
3005
- }
3006
- /**
3007
- * Generate cryptographically secure session ID
3008
- */
3009
- generateSessionId() {
3010
- return crypto.randomBytes(16).toString('hex');
3011
- }
3012
- /**
3013
- * Get current audit events for this session
3014
- */
3015
- getAuditEvents() {
3016
- return [...this.auditEvents];
3017
- }
3018
- /**
3019
- * Clear sensitive data from memory
3020
- */
3021
- clearSensitiveData() {
3022
- if (!this.config.enabled || !this.config.memoryProtection)
3023
- return;
3024
- // Clear audit events
3025
- this.auditEvents.length = 0;
3026
- // Force garbage collection if available
3027
- if (global.gc) {
3028
- global.gc();
3029
- }
3030
- }
3031
- /**
3032
- * Validate transport security
3033
- */
3034
- validateTransportSecurity(url) {
3035
- if (!this.config.enabled || !this.config.requireSecureTransport) {
3036
- return true;
3037
- }
3038
- if (!url)
3039
- return true;
3040
- try {
3041
- const urlObj = new URL(url);
3042
- const isSecure = urlObj.protocol === 'https:' || urlObj.hostname === 'localhost' || urlObj.hostname === '127.0.0.1';
3043
- if (!isSecure) {
3044
- this.auditLog('security_violation', {
3045
- action: 'insecure_transport',
3046
- success: false,
3047
- metadata: { protocol: urlObj.protocol, hostname: urlObj.hostname }
994
+ if (seen !== totalEntries) {
995
+ // central dir truncated/odd, still report what we found
996
+ matches.push({ rule: 'zip_cd_truncated', severity: 'medium', meta: { seen, totalEntries } });
997
+ }
998
+ // Heuristics thresholds
999
+ if (seen > cfg.maxEntries) {
1000
+ matches.push({ rule: 'zip_too_many_entries', severity: 'medium', meta: { seen, limit: cfg.maxEntries } });
1001
+ }
1002
+ if (sumUnc > cfg.maxTotalUncompressedBytes) {
1003
+ matches.push({
1004
+ rule: 'zip_total_uncompressed_too_large',
1005
+ severity: 'medium',
1006
+ meta: { totalUncompressed: sumUnc, limit: cfg.maxTotalUncompressedBytes }
3048
1007
  });
3049
1008
  }
3050
- return isSecure;
3051
- }
3052
- catch {
3053
- return false;
1009
+ if (sumComp === 0 && sumUnc > 0) {
1010
+ matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio: Infinity } });
1011
+ }
1012
+ else if (sumComp > 0) {
1013
+ const ratio = sumUnc / Math.max(1, sumComp);
1014
+ if (ratio >= cfg.maxCompressionRatio) {
1015
+ matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio, limit: cfg.maxCompressionRatio } });
1016
+ }
1017
+ }
1018
+ return matches;
3054
1019
  }
3055
- }
3056
- }
3057
- // Global HIPAA compliance instance
3058
- let hipaaManager = null;
3059
- /**
3060
- * Initialize HIPAA compliance
3061
- */
3062
- function initializeHipaaCompliance(config) {
3063
- hipaaManager = new HipaaComplianceManager(config);
3064
- return hipaaManager;
3065
- }
3066
- /**
3067
- * Get current HIPAA compliance manager
3068
- */
3069
- function getHipaaManager() {
3070
- return hipaaManager;
3071
- }
3072
- /**
3073
- * HIPAA-compliant error wrapper
3074
- */
3075
- function createHipaaError(error, context) {
3076
- const manager = getHipaaManager();
3077
- if (!manager) {
3078
- return typeof error === 'string' ? new Error(error) : error;
3079
- }
3080
- const sanitizedMessage = manager.sanitizeError(error);
3081
- const hipaaError = new Error(sanitizedMessage);
3082
- manager.auditLog('error_occurred', {
3083
- action: context || 'error',
3084
- success: false,
3085
- sanitizedError: sanitizedMessage
3086
- });
3087
- return hipaaError;
3088
- }
3089
- /**
3090
- * HIPAA-compliant temporary file utilities
3091
- */
3092
- const HipaaTemp = {
3093
- createPath: (prefix) => {
3094
- const manager = getHipaaManager();
3095
- return manager ? manager.createSecureTempPath(prefix) : path.join(os.tmpdir(), `${prefix || 'pompelmi'}-${Date.now()}`);
3096
- },
3097
- cleanup: async (filePath) => {
3098
- const manager = getHipaaManager();
3099
- if (manager) {
3100
- await manager.secureFileCleanup(filePath);
3101
- }
3102
- else {
3103
- try {
3104
- const fs = await import('fs/promises');
3105
- await fs.unlink(filePath);
3106
- }
3107
- catch {
3108
- // Ignore errors
3109
- }
3110
- }
3111
- }
3112
- };
3113
-
3114
- function mapMatchesToVerdict(matches = []) {
3115
- if (!matches.length)
3116
- return 'clean';
3117
- const malHints = ['trojan', 'ransom', 'worm', 'spy', 'rootkit', 'keylog', 'botnet'];
3118
- const tagSet = new Set(matches.flatMap(m => (m.tags ?? []).map(t => t.toLowerCase())));
3119
- const nameHit = (r) => malHints.some(h => r.toLowerCase().includes(h));
3120
- const isMal = matches.some(m => nameHit(m.rule)) || tagSet.has('malware') || tagSet.has('critical');
3121
- return isMal ? 'malicious' : 'suspicious';
3122
- }
3123
-
3124
- function hasAsciiToken(buf, token) {
3125
- // Use latin1 so we can safely search binary
3126
- return buf.indexOf(token, 0, 'latin1') !== -1;
3127
- }
3128
- function startsWith(buf, bytes) {
3129
- if (buf.length < bytes.length)
3130
- return false;
3131
- for (let i = 0; i < bytes.length; i++)
3132
- if (buf[i] !== bytes[i])
3133
- return false;
3134
- return true;
3135
- }
3136
- function isPDF(buf) {
3137
- // %PDF-
3138
- return startsWith(buf, [0x25, 0x50, 0x44, 0x46, 0x2d]);
3139
- }
3140
- function isOleCfb(buf) {
3141
- // D0 CF 11 E0 A1 B1 1A E1
3142
- const sig = [0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1];
3143
- return startsWith(buf, sig);
3144
- }
3145
- function isZipLike$1(buf) {
3146
- // PK\x03\x04
3147
- return startsWith(buf, [0x50, 0x4b, 0x03, 0x04]);
3148
- }
3149
- function isPeExecutable(buf) {
3150
- // "MZ"
3151
- return startsWith(buf, [0x4d, 0x5a]);
3152
- }
3153
- /** OOXML macro hint via filename token in ZIP container */
3154
- function hasOoxmlMacros(buf) {
3155
- if (!isZipLike$1(buf))
3156
- return false;
3157
- return hasAsciiToken(buf, 'vbaProject.bin');
3158
- }
3159
- /** PDF risky features (/JavaScript, /OpenAction, /AA, /Launch) */
3160
- function pdfRiskTokens(buf) {
3161
- const tokens = ['/JavaScript', '/OpenAction', '/AA', '/Launch'];
3162
- return tokens.filter(t => hasAsciiToken(buf, t));
3163
- }
3164
- const CommonHeuristicsScanner = {
3165
- async scan(input) {
3166
- const buf = Buffer.from(input);
3167
- const matches = [];
3168
- // Office macros (OLE / OOXML)
3169
- if (isOleCfb(buf)) {
3170
- matches.push({ rule: 'office_ole_container', severity: 'suspicious' });
3171
- }
3172
- if (hasOoxmlMacros(buf)) {
3173
- matches.push({ rule: 'office_ooxml_macros', severity: 'suspicious' });
3174
- }
3175
- // PDF risky tokens
3176
- if (isPDF(buf)) {
3177
- const toks = pdfRiskTokens(buf);
3178
- if (toks.length) {
3179
- matches.push({
3180
- rule: 'pdf_risky_actions',
3181
- severity: 'suspicious',
3182
- meta: { tokens: toks }
3183
- });
3184
- }
3185
- }
3186
- // Executable header
3187
- if (isPeExecutable(buf)) {
3188
- matches.push({ rule: 'pe_executable_signature', severity: 'suspicious' });
3189
- }
3190
- return matches;
3191
- }
3192
- };
3193
-
3194
- const SIG_CEN = 0x02014b50;
3195
- const DEFAULTS = {
3196
- maxEntries: 1000,
3197
- maxTotalUncompressedBytes: 500 * 1024 * 1024,
3198
- maxEntryNameLength: 255,
3199
- maxCompressionRatio: 1000,
3200
- eocdSearchWindow: 70000,
3201
- };
3202
- function r16(buf, off) {
3203
- return buf.readUInt16LE(off);
3204
- }
3205
- function r32(buf, off) {
3206
- return buf.readUInt32LE(off);
3207
- }
3208
- function isZipLike(buf) {
3209
- // local file header at start is common
3210
- return buf.length >= 4 && buf[0] === 0x50 && buf[1] === 0x4b && buf[2] === 0x03 && buf[3] === 0x04;
3211
- }
3212
- function lastIndexOfEOCD(buf, window) {
3213
- const sig = Buffer.from([0x50, 0x4b, 0x05, 0x06]);
3214
- const start = Math.max(0, buf.length - window);
3215
- const idx = buf.lastIndexOf(sig, Math.min(buf.length - sig.length, buf.length - 1));
3216
- return idx >= start ? idx : -1;
3217
- }
3218
- function hasTraversal(name) {
3219
- return name.includes('../') || name.includes('..\\') || name.startsWith('/') || /^[A-Za-z]:/.test(name);
3220
- }
3221
- function createZipBombGuard(opts = {}) {
3222
- const cfg = { ...DEFAULTS, ...opts };
3223
- return {
3224
- async scan(input) {
3225
- const buf = Buffer.from(input);
3226
- const matches = [];
3227
- if (!isZipLike(buf))
3228
- return matches;
3229
- // Find EOCD near the end
3230
- const eocdPos = lastIndexOfEOCD(buf, cfg.eocdSearchWindow);
3231
- if (eocdPos < 0 || eocdPos + 22 > buf.length) {
3232
- // ZIP but no EOCD — malformed or polyglot → suspicious
3233
- matches.push({ rule: 'zip_eocd_not_found', severity: 'medium' });
3234
- return matches;
3235
- }
3236
- const totalEntries = r16(buf, eocdPos + 10);
3237
- const cdSize = r32(buf, eocdPos + 12);
3238
- const cdOffset = r32(buf, eocdPos + 16);
3239
- // Bounds check
3240
- if (cdOffset + cdSize > buf.length) {
3241
- matches.push({ rule: 'zip_cd_out_of_bounds', severity: 'medium' });
3242
- return matches;
3243
- }
3244
- // Iterate central directory entries
3245
- let ptr = cdOffset;
3246
- let seen = 0;
3247
- let sumComp = 0;
3248
- let sumUnc = 0;
3249
- while (ptr + 46 <= cdOffset + cdSize && seen < totalEntries) {
3250
- const sig = r32(buf, ptr);
3251
- if (sig !== SIG_CEN)
3252
- break; // stop if structure breaks
3253
- const compSize = r32(buf, ptr + 20);
3254
- const uncSize = r32(buf, ptr + 24);
3255
- const fnLen = r16(buf, ptr + 28);
3256
- const exLen = r16(buf, ptr + 30);
3257
- const cmLen = r16(buf, ptr + 32);
3258
- const nameStart = ptr + 46;
3259
- const nameEnd = nameStart + fnLen;
3260
- if (nameEnd > buf.length)
3261
- break;
3262
- const name = buf.toString('utf8', nameStart, nameEnd);
3263
- sumComp += compSize;
3264
- sumUnc += uncSize;
3265
- seen++;
3266
- if (name.length > cfg.maxEntryNameLength) {
3267
- matches.push({ rule: 'zip_entry_name_too_long', severity: 'medium', meta: { name, length: name.length } });
3268
- }
3269
- if (hasTraversal(name)) {
3270
- matches.push({ rule: 'zip_path_traversal_entry', severity: 'medium', meta: { name } });
3271
- }
3272
- // move to next entry
3273
- ptr = nameEnd + exLen + cmLen;
3274
- }
3275
- if (seen !== totalEntries) {
3276
- // central dir truncated/odd, still report what we found
3277
- matches.push({ rule: 'zip_cd_truncated', severity: 'medium', meta: { seen, totalEntries } });
3278
- }
3279
- // Heuristics thresholds
3280
- if (seen > cfg.maxEntries) {
3281
- matches.push({ rule: 'zip_too_many_entries', severity: 'medium', meta: { seen, limit: cfg.maxEntries } });
3282
- }
3283
- if (sumUnc > cfg.maxTotalUncompressedBytes) {
3284
- matches.push({
3285
- rule: 'zip_total_uncompressed_too_large',
3286
- severity: 'medium',
3287
- meta: { totalUncompressed: sumUnc, limit: cfg.maxTotalUncompressedBytes }
3288
- });
3289
- }
3290
- if (sumComp === 0 && sumUnc > 0) {
3291
- matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio: Infinity } });
3292
- }
3293
- else if (sumComp > 0) {
3294
- const ratio = sumUnc / Math.max(1, sumComp);
3295
- if (ratio >= cfg.maxCompressionRatio) {
3296
- matches.push({ rule: 'zip_suspicious_ratio', severity: 'medium', meta: { ratio, limit: cfg.maxCompressionRatio } });
3297
- }
3298
- }
3299
- return matches;
3300
- }
3301
- };
1020
+ };
3302
1021
  }
3303
1022
 
3304
- const MB = 1024 * 1024;
1023
+ const MB$1 = 1024 * 1024;
3305
1024
  const DEFAULT_POLICY = {
3306
1025
  includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf'],
3307
1026
  allowedMimeTypes: ['application/zip', 'image/png', 'image/jpeg', 'application/pdf', 'text/plain'],
3308
- maxFileSizeBytes: 20 * MB,
1027
+ maxFileSizeBytes: 20 * MB$1,
3309
1028
  timeoutMs: 5000,
3310
1029
  concurrency: 4,
3311
1030
  failClosed: true
@@ -3326,25 +1045,274 @@ function definePolicy(input = {}) {
3326
1045
  }
3327
1046
 
3328
1047
  /**
3329
- * Batch scanning with concurrency control
3330
- * @module utils/batch-scanner
1048
+ * Policy packs for Pompelmi.
1049
+ *
1050
+ * Pre-configured, named policies for common upload scenarios. Each pack
1051
+ * defines the file type allowlist, size limits, and timeout appropriate for
1052
+ * its use case.
1053
+ *
1054
+ * All packs are built on `definePolicy` and are fully overridable:
1055
+ *
1056
+ * ```ts
1057
+ * import { POLICY_PACKS } from 'pompelmi/policy-packs';
1058
+ *
1059
+ * // Use a pack as-is:
1060
+ * const policy = POLICY_PACKS['images-only'];
1061
+ *
1062
+ * // Or override individual fields:
1063
+ * import { definePolicy } from 'pompelmi';
1064
+ * const custom = definePolicy({ ...POLICY_PACKS['documents-only'], maxFileSizeBytes: 5 * 1024 * 1024 });
1065
+ * ```
1066
+ *
1067
+ * These packs are *deterministic* and *descriptor-based* — they do not
1068
+ * depend on any external threat intelligence feed.
1069
+ *
1070
+ * @module policy-packs
3331
1071
  */
1072
+ const KB = 1024;
1073
+ const MB = 1024 * KB;
1074
+ // ── Policy packs ──────────────────────────────────────────────────────────────
3332
1075
  /**
3333
- * Batch file scanner with concurrency control and progress tracking
1076
+ * Documents-only policy.
1077
+ *
1078
+ * Appropriate for: document management APIs, PDF/Office file upload endpoints,
1079
+ * data import pipelines.
1080
+ *
1081
+ * Allowed: PDF, Word (.docx/.doc), Excel (.xlsx/.xls), PowerPoint (.pptx/.ppt),
1082
+ * CSV, plain text, JSON, YAML, ODT/ODS/ODP (OpenDocument).
1083
+ * Max size: 25 MB.
3334
1084
  */
3335
- class BatchScanner {
3336
- constructor(options = {}) {
3337
- this.options = {
3338
- concurrency: 5,
3339
- continueOnError: true,
3340
- ...options,
3341
- };
3342
- }
3343
- /**
3344
- * Scan multiple files with controlled concurrency
3345
- */
3346
- async scanBatch(tasks) {
3347
- const startTime = Date.now();
1085
+ const DOCUMENTS_ONLY = definePolicy({
1086
+ includeExtensions: [
1087
+ 'pdf',
1088
+ 'doc', 'docx',
1089
+ 'xls', 'xlsx',
1090
+ 'ppt', 'pptx',
1091
+ 'odt', 'ods', 'odp',
1092
+ 'csv',
1093
+ 'txt',
1094
+ 'json',
1095
+ 'yaml', 'yml',
1096
+ 'md',
1097
+ ],
1098
+ allowedMimeTypes: [
1099
+ 'application/pdf',
1100
+ 'application/msword',
1101
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
1102
+ 'application/vnd.ms-excel',
1103
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
1104
+ 'application/vnd.ms-powerpoint',
1105
+ 'application/vnd.openxmlformats-officedocument.presentationml.presentation',
1106
+ 'application/vnd.oasis.opendocument.text',
1107
+ 'application/vnd.oasis.opendocument.spreadsheet',
1108
+ 'application/vnd.oasis.opendocument.presentation',
1109
+ 'text/csv',
1110
+ 'text/plain',
1111
+ 'application/json',
1112
+ 'text/yaml',
1113
+ 'text/markdown',
1114
+ ],
1115
+ maxFileSizeBytes: 25 * MB,
1116
+ timeoutMs: 10000,
1117
+ concurrency: 4,
1118
+ failClosed: true,
1119
+ });
1120
+ /**
1121
+ * Images-only policy.
1122
+ *
1123
+ * Appropriate for: avatar uploads, product image APIs, content platforms with
1124
+ * user-generated imagery.
1125
+ *
1126
+ * Allowed: JPEG, PNG, GIF, WebP, AVIF, TIFF, BMP, ICO.
1127
+ * Max size: 10 MB.
1128
+ * Note: SVG is intentionally excluded — inline SVGs can contain scripts.
1129
+ */
1130
+ const IMAGES_ONLY = definePolicy({
1131
+ includeExtensions: ['jpg', 'jpeg', 'png', 'gif', 'webp', 'avif', 'tiff', 'tif', 'bmp', 'ico'],
1132
+ allowedMimeTypes: [
1133
+ 'image/jpeg',
1134
+ 'image/png',
1135
+ 'image/gif',
1136
+ 'image/webp',
1137
+ 'image/avif',
1138
+ 'image/tiff',
1139
+ 'image/bmp',
1140
+ 'image/x-icon',
1141
+ 'image/vnd.microsoft.icon',
1142
+ ],
1143
+ maxFileSizeBytes: 10 * MB,
1144
+ timeoutMs: 5000,
1145
+ concurrency: 8,
1146
+ failClosed: true,
1147
+ });
1148
+ /**
1149
+ * Strict public-upload policy.
1150
+ *
1151
+ * Appropriate for: anonymous or low-trust upload endpoints, public APIs,
1152
+ * any surface exposed to untrusted users.
1153
+ *
1154
+ * Aggressive size limit (5 MB), short timeout, fail-closed, narrow MIME
1155
+ * allowlist. Only allows plain images and PDF.
1156
+ */
1157
+ const STRICT_PUBLIC_UPLOAD = definePolicy({
1158
+ includeExtensions: ['jpg', 'jpeg', 'png', 'webp', 'pdf'],
1159
+ allowedMimeTypes: [
1160
+ 'image/jpeg',
1161
+ 'image/png',
1162
+ 'image/webp',
1163
+ 'application/pdf',
1164
+ ],
1165
+ maxFileSizeBytes: 5 * MB,
1166
+ timeoutMs: 4000,
1167
+ concurrency: 2,
1168
+ failClosed: true,
1169
+ });
1170
+ /**
1171
+ * Conservative default policy.
1172
+ *
1173
+ * A hardened version of the built-in `DEFAULT_POLICY` suitable for
1174
+ * production without further customisation. Stricter size limit and
1175
+ * shorter timeout than the permissive default.
1176
+ */
1177
+ const CONSERVATIVE_DEFAULT = definePolicy({
1178
+ includeExtensions: ['zip', 'png', 'jpg', 'jpeg', 'pdf', 'txt', 'csv', 'docx', 'xlsx'],
1179
+ allowedMimeTypes: [
1180
+ 'application/zip',
1181
+ 'image/png',
1182
+ 'image/jpeg',
1183
+ 'application/pdf',
1184
+ 'text/plain',
1185
+ 'text/csv',
1186
+ 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
1187
+ 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
1188
+ ],
1189
+ maxFileSizeBytes: 10 * MB,
1190
+ timeoutMs: 8000,
1191
+ concurrency: 4,
1192
+ failClosed: true,
1193
+ });
1194
+ /**
1195
+ * Archives policy.
1196
+ *
1197
+ * Appropriate for: endpoints that accept ZIP, tar, or compressed archives.
1198
+ * Combines a generous size allowance with a longer timeout for deep inspection.
1199
+ *
1200
+ * NOTE: Pair this policy with `createZipBombGuard()` to defend against
1201
+ * decompression-bomb attacks:
1202
+ *
1203
+ * ```ts
1204
+ * import { composeScanners, createZipBombGuard, CommonHeuristicsScanner } from 'pompelmi';
1205
+ * const scanner = composeScanners(
1206
+ * [['zipGuard', createZipBombGuard()], ['heuristics', CommonHeuristicsScanner]]
1207
+ * );
1208
+ * ```
1209
+ */
1210
+ const ARCHIVES = definePolicy({
1211
+ includeExtensions: ['zip', 'tar', 'gz', 'tgz', 'bz2', 'xz', '7z', 'rar'],
1212
+ allowedMimeTypes: [
1213
+ 'application/zip',
1214
+ 'application/x-tar',
1215
+ 'application/gzip',
1216
+ 'application/x-bzip2',
1217
+ 'application/x-xz',
1218
+ 'application/x-7z-compressed',
1219
+ 'application/x-rar-compressed',
1220
+ ],
1221
+ maxFileSizeBytes: 100 * MB,
1222
+ timeoutMs: 30000,
1223
+ concurrency: 2,
1224
+ failClosed: true,
1225
+ });
1226
+ /**
1227
+ * Named map of all built-in policy packs.
1228
+ *
1229
+ * ```ts
1230
+ * import { POLICY_PACKS } from 'pompelmi/policy-packs';
1231
+ * const policy = POLICY_PACKS['strict-public-upload'];
1232
+ * ```
1233
+ */
1234
+ const POLICY_PACKS = {
1235
+ 'documents-only': DOCUMENTS_ONLY,
1236
+ 'images-only': IMAGES_ONLY,
1237
+ 'strict-public-upload': STRICT_PUBLIC_UPLOAD,
1238
+ 'conservative-default': CONSERVATIVE_DEFAULT,
1239
+ 'archives': ARCHIVES,
1240
+ };
1241
+ /**
1242
+ * Look up a policy pack by name.
1243
+ * Throws if the name is not recognised.
1244
+ */
1245
+ function getPolicyPack(name) {
1246
+ const policy = POLICY_PACKS[name];
1247
+ if (!policy)
1248
+ throw new Error(`Unknown policy pack: '${name}'. Valid names: ${Object.keys(POLICY_PACKS).join(', ')}`);
1249
+ return policy;
1250
+ }
1251
+
1252
+ function mapMatchesToVerdict(matches = []) {
1253
+ if (!matches.length)
1254
+ return 'clean';
1255
+ const malHints = ['trojan', 'ransom', 'worm', 'spy', 'rootkit', 'keylog', 'botnet'];
1256
+ const tagSet = new Set(matches.flatMap(m => (m.tags ?? []).map(t => t.toLowerCase())));
1257
+ const nameHit = (r) => malHints.some(h => r.toLowerCase().includes(h));
1258
+ const isMal = matches.some(m => nameHit(m.rule)) || tagSet.has('malware') || tagSet.has('critical');
1259
+ return isMal ? 'malicious' : 'suspicious';
1260
+ }
1261
+
1262
+ /** Decompilation-specific types for Pompelmi */
1263
+ const SUSPICIOUS_PATTERNS = [
1264
+ {
1265
+ name: 'syscall_direct',
1266
+ description: 'Direct system call without library wrapper',
1267
+ severity: 'medium',
1268
+ pattern: /syscall|sysenter|int\s+0x80/i
1269
+ },
1270
+ {
1271
+ name: 'process_injection',
1272
+ description: 'Process injection techniques',
1273
+ severity: 'high',
1274
+ pattern: /CreateRemoteThread|WriteProcessMemory|VirtualAllocEx/i
1275
+ },
1276
+ {
1277
+ name: 'anti_debug',
1278
+ description: 'Anti-debugging techniques',
1279
+ severity: 'medium',
1280
+ pattern: /IsDebuggerPresent|CheckRemoteDebuggerPresent|OutputDebugString/i
1281
+ },
1282
+ {
1283
+ name: 'obfuscation_xor',
1284
+ description: 'XOR-based obfuscation pattern',
1285
+ severity: 'medium',
1286
+ pattern: /xor.*0x[0-9a-f]+.*xor/i
1287
+ },
1288
+ {
1289
+ name: 'crypto_constants',
1290
+ description: 'Cryptographic constants',
1291
+ severity: 'low',
1292
+ pattern: /0x67452301|0xefcdab89|0x98badcfe|0x10325476/i
1293
+ }
1294
+ ];
1295
+
1296
+ /**
1297
+ * Batch scanning with concurrency control
1298
+ * @module utils/batch-scanner
1299
+ */
1300
+ /**
1301
+ * Batch file scanner with concurrency control and progress tracking
1302
+ */
1303
+ class BatchScanner {
1304
+ constructor(options = {}) {
1305
+ this.options = {
1306
+ concurrency: 5,
1307
+ continueOnError: true,
1308
+ ...options,
1309
+ };
1310
+ }
1311
+ /**
1312
+ * Scan multiple files with controlled concurrency
1313
+ */
1314
+ async scanBatch(tasks) {
1315
+ const startTime = Date.now();
3348
1316
  const results = new Array(tasks.length);
3349
1317
  const errors = [];
3350
1318
  let successCount = 0;
@@ -3412,736 +1380,1049 @@ class BatchScanner {
3412
1380
  };
3413
1381
  }
3414
1382
  /**
3415
- * Scan files from File objects (browser environment)
1383
+ * Scan files from File objects (browser environment)
1384
+ */
1385
+ async scanFiles(files) {
1386
+ const tasks = await Promise.all(files.map(async (file) => ({
1387
+ content: new Uint8Array(await file.arrayBuffer()),
1388
+ context: {
1389
+ filename: file.name,
1390
+ mimeType: file.type,
1391
+ size: file.size,
1392
+ },
1393
+ })));
1394
+ return this.scanBatch(tasks);
1395
+ }
1396
+ /**
1397
+ * Scan files from file paths (Node.js environment)
1398
+ */
1399
+ async scanFilePaths(filePaths) {
1400
+ const fs = await import('fs/promises');
1401
+ const path = await import('path');
1402
+ const tasks = await Promise.all(filePaths.map(async (filePath) => {
1403
+ const [content, stats] = await Promise.all([
1404
+ fs.readFile(filePath),
1405
+ fs.stat(filePath),
1406
+ ]);
1407
+ return {
1408
+ content: new Uint8Array(content),
1409
+ context: {
1410
+ filename: path.basename(filePath),
1411
+ size: stats.size,
1412
+ },
1413
+ };
1414
+ }));
1415
+ return this.scanBatch(tasks);
1416
+ }
1417
+ }
1418
+ /**
1419
+ * Quick helper for batch scanning with default options
1420
+ */
1421
+ async function batchScan(tasks, options) {
1422
+ const scanner = new BatchScanner(options);
1423
+ return scanner.scanBatch(tasks);
1424
+ }
1425
+
1426
+ /**
1427
+ * Threat intelligence integration and enhanced detection
1428
+ * @module utils/threat-intelligence
1429
+ */
1430
+ /**
1431
+ * Built-in threat intelligence - known malware hashes
1432
+ * In production, this would connect to real threat intel APIs
1433
+ */
1434
+ class LocalThreatIntelligence {
1435
+ constructor() {
1436
+ this.name = 'Local Database';
1437
+ this.knownThreats = new Map();
1438
+ // Initialize with some example known threats (in production, load from database)
1439
+ this.initializeKnownThreats();
1440
+ }
1441
+ initializeKnownThreats() {
1442
+ // Example: EICAR test file hash
1443
+ this.knownThreats.set('275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', {
1444
+ threatLevel: 100,
1445
+ category: 'test-malware',
1446
+ source: 'local',
1447
+ metadata: { name: 'EICAR Test File' },
1448
+ });
1449
+ }
1450
+ async checkHash(hash) {
1451
+ return this.knownThreats.get(hash.toLowerCase()) || null;
1452
+ }
1453
+ /**
1454
+ * Add a known threat to the local database
1455
+ */
1456
+ addThreat(hash, info) {
1457
+ this.knownThreats.set(hash.toLowerCase(), info);
1458
+ }
1459
+ /**
1460
+ * Remove a threat from the local database
1461
+ */
1462
+ removeThreat(hash) {
1463
+ return this.knownThreats.delete(hash.toLowerCase());
1464
+ }
1465
+ /**
1466
+ * Get all known threats
1467
+ */
1468
+ getAllThreats() {
1469
+ return new Map(this.knownThreats);
1470
+ }
1471
+ }
1472
+ /**
1473
+ * Threat intelligence aggregator
1474
+ */
1475
+ class ThreatIntelligenceAggregator {
1476
+ constructor(sources) {
1477
+ this.sources = [];
1478
+ if (sources) {
1479
+ this.sources = sources;
1480
+ }
1481
+ else {
1482
+ // Default to local intelligence
1483
+ this.sources = [new LocalThreatIntelligence()];
1484
+ }
1485
+ }
1486
+ /**
1487
+ * Add a threat intelligence source
1488
+ */
1489
+ addSource(source) {
1490
+ this.sources.push(source);
1491
+ }
1492
+ /**
1493
+ * Check file hash against all sources
1494
+ */
1495
+ async checkHash(hash) {
1496
+ const results = await Promise.allSettled(this.sources.map(source => source.checkHash(hash)));
1497
+ const threats = [];
1498
+ for (const result of results) {
1499
+ if (result.status === 'fulfilled' && result.value) {
1500
+ threats.push(result.value);
1501
+ }
1502
+ }
1503
+ return threats;
1504
+ }
1505
+ /**
1506
+ * Enhance scan report with threat intelligence
1507
+ */
1508
+ async enhanceScanReport(content, report) {
1509
+ // Calculate file hash
1510
+ const hash = createHash('sha256').update(content).digest('hex');
1511
+ // Check threat intelligence
1512
+ const threatIntel = await this.checkHash(hash);
1513
+ // Calculate risk score
1514
+ const riskScore = this.calculateRiskScore(report, threatIntel);
1515
+ return {
1516
+ ...report,
1517
+ fileHash: hash,
1518
+ threatIntel: threatIntel.length > 0 ? threatIntel : undefined,
1519
+ riskScore,
1520
+ };
1521
+ }
1522
+ /**
1523
+ * Calculate overall risk score based on scan results and threat intel
1524
+ */
1525
+ calculateRiskScore(report, threats) {
1526
+ let score = 0;
1527
+ // Base score from verdict
1528
+ switch (report.verdict) {
1529
+ case 'malicious':
1530
+ score += 70;
1531
+ break;
1532
+ case 'suspicious':
1533
+ score += 40;
1534
+ break;
1535
+ case 'clean':
1536
+ score += 0;
1537
+ break;
1538
+ }
1539
+ // Add points for number of matches
1540
+ score += Math.min(report.matches.length * 5, 20);
1541
+ // Add points from threat intelligence
1542
+ if (threats.length > 0) {
1543
+ const maxThreat = Math.max(...threats.map(t => t.threatLevel));
1544
+ score = Math.max(score, maxThreat);
1545
+ }
1546
+ return Math.min(score, 100);
1547
+ }
1548
+ }
1549
+ /**
1550
+ * Create default threat intelligence aggregator
1551
+ */
1552
+ function createThreatIntelligence() {
1553
+ return new ThreatIntelligenceAggregator();
1554
+ }
1555
+ /**
1556
+ * Helper to get file hash
1557
+ */
1558
+ function getFileHash(content) {
1559
+ return createHash('sha256').update(content).digest('hex');
1560
+ }
1561
+
1562
+ /**
1563
+ * Export utilities for scan results
1564
+ * @module utils/export
1565
+ */
1566
+ /**
1567
+ * Export scan results to various formats
1568
+ */
1569
+ class ScanResultExporter {
1570
+ /**
1571
+ * Export to JSON format
1572
+ */
1573
+ toJSON(reports, options = {}) {
1574
+ const data = Array.isArray(reports) ? reports : [reports];
1575
+ if (!options.includeDetails) {
1576
+ // Simplified output
1577
+ const simplified = data.map(r => ({
1578
+ verdict: r.verdict,
1579
+ file: r.file?.name,
1580
+ matches: r.matches.length,
1581
+ durationMs: r.durationMs,
1582
+ }));
1583
+ return options.prettyPrint
1584
+ ? JSON.stringify(simplified, null, 2)
1585
+ : JSON.stringify(simplified);
1586
+ }
1587
+ return options.prettyPrint
1588
+ ? JSON.stringify(data, null, 2)
1589
+ : JSON.stringify(data);
1590
+ }
1591
+ /**
1592
+ * Export to CSV format
1593
+ */
1594
+ toCSV(reports, options = {}) {
1595
+ const data = Array.isArray(reports) ? reports : [reports];
1596
+ const headers = [
1597
+ 'filename',
1598
+ 'verdict',
1599
+ 'matches_count',
1600
+ 'file_size',
1601
+ 'mime_type',
1602
+ 'duration_ms',
1603
+ 'engine',
1604
+ ];
1605
+ if (options.includeDetails) {
1606
+ headers.push('reasons', 'match_rules');
1607
+ }
1608
+ const rows = data.map(report => {
1609
+ const row = [
1610
+ this.escapeCsv(report.file?.name || 'unknown'),
1611
+ report.verdict,
1612
+ report.matches.length.toString(),
1613
+ (report.file?.size || 0).toString(),
1614
+ this.escapeCsv(report.file?.mimeType || 'unknown'),
1615
+ (report.durationMs || 0).toString(),
1616
+ report.engine || 'unknown',
1617
+ ];
1618
+ if (options.includeDetails) {
1619
+ row.push(this.escapeCsv((report.reasons || []).join('; ')), this.escapeCsv(report.matches.map(m => m.rule).join('; ')));
1620
+ }
1621
+ return row.join(',');
1622
+ });
1623
+ return [headers.join(','), ...rows].join('\n');
1624
+ }
1625
+ /**
1626
+ * Export to Markdown format
1627
+ */
1628
+ toMarkdown(reports, options = {}) {
1629
+ const data = Array.isArray(reports) ? reports : [reports];
1630
+ let md = '# Scan Results\n\n';
1631
+ md += `**Total Scans:** ${data.length}\n\n`;
1632
+ const clean = data.filter(r => r.verdict === 'clean').length;
1633
+ const suspicious = data.filter(r => r.verdict === 'suspicious').length;
1634
+ const malicious = data.filter(r => r.verdict === 'malicious').length;
1635
+ md += '## Summary\n\n';
1636
+ md += `- ✅ Clean: ${clean}\n`;
1637
+ md += `- ⚠️ Suspicious: ${suspicious}\n`;
1638
+ md += `- ❌ Malicious: ${malicious}\n\n`;
1639
+ md += '## Detailed Results\n\n';
1640
+ for (const report of data) {
1641
+ const icon = report.verdict === 'clean' ? '✅' : report.verdict === 'suspicious' ? '⚠️' : '❌';
1642
+ md += `### ${icon} ${report.file?.name || 'Unknown'}\n\n`;
1643
+ md += `- **Verdict:** ${report.verdict}\n`;
1644
+ md += `- **Size:** ${this.formatBytes(report.file?.size || 0)}\n`;
1645
+ md += `- **MIME Type:** ${report.file?.mimeType || 'unknown'}\n`;
1646
+ md += `- **Duration:** ${report.durationMs || 0}ms\n`;
1647
+ md += `- **Matches:** ${report.matches.length}\n`;
1648
+ if (options.includeDetails && report.matches.length > 0) {
1649
+ md += '\n**Match Details:**\n';
1650
+ for (const match of report.matches) {
1651
+ md += `- ${match.rule}`;
1652
+ if (match.tags && match.tags.length > 0) {
1653
+ md += ` (${match.tags.join(', ')})`;
1654
+ }
1655
+ md += '\n';
1656
+ }
1657
+ }
1658
+ md += '\n';
1659
+ }
1660
+ return md;
1661
+ }
1662
+ /**
1663
+ * Export to SARIF format (Static Analysis Results Interchange Format)
1664
+ * Useful for CI/CD integration
1665
+ */
1666
+ toSARIF(reports, options = {}) {
1667
+ const data = Array.isArray(reports) ? reports : [reports];
1668
+ const results = data.flatMap(report => {
1669
+ if (report.verdict === 'clean')
1670
+ return [];
1671
+ return report.matches.map(match => ({
1672
+ ruleId: match.rule,
1673
+ level: report.verdict === 'malicious' ? 'error' : 'warning',
1674
+ message: {
1675
+ text: `${match.rule} detected in ${report.file?.name || 'unknown file'}`,
1676
+ },
1677
+ locations: [
1678
+ {
1679
+ physicalLocation: {
1680
+ artifactLocation: {
1681
+ uri: report.file?.name || 'unknown',
1682
+ },
1683
+ },
1684
+ },
1685
+ ],
1686
+ properties: {
1687
+ tags: match.tags,
1688
+ metadata: match.meta,
1689
+ },
1690
+ }));
1691
+ });
1692
+ const sarif = {
1693
+ version: '2.1.0',
1694
+ $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
1695
+ runs: [
1696
+ {
1697
+ tool: {
1698
+ driver: {
1699
+ name: 'Pompelmi',
1700
+ version: '0.29.0',
1701
+ informationUri: 'https://pompelmi.github.io/pompelmi/',
1702
+ },
1703
+ },
1704
+ results,
1705
+ },
1706
+ ],
1707
+ };
1708
+ return options.prettyPrint
1709
+ ? JSON.stringify(sarif, null, 2)
1710
+ : JSON.stringify(sarif);
1711
+ }
1712
+ /**
1713
+ * Export to HTML format
1714
+ */
1715
+ toHTML(reports, options = {}) {
1716
+ const data = Array.isArray(reports) ? reports : [reports];
1717
+ const clean = data.filter(r => r.verdict === 'clean').length;
1718
+ const suspicious = data.filter(r => r.verdict === 'suspicious').length;
1719
+ const malicious = data.filter(r => r.verdict === 'malicious').length;
1720
+ let html = `<!DOCTYPE html>
1721
+ <html lang="en">
1722
+ <head>
1723
+ <meta charset="UTF-8">
1724
+ <meta name="viewport" content="width=device-width, initial-scale=1.0">
1725
+ <title>Pompelmi Scan Results</title>
1726
+ <style>
1727
+ body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
1728
+ .summary { display: grid; grid-template-columns: repeat(3, 1fr); gap: 20px; margin: 20px 0; }
1729
+ .card { padding: 20px; border-radius: 8px; text-align: center; }
1730
+ .clean { background: #d4edda; color: #155724; }
1731
+ .suspicious { background: #fff3cd; color: #856404; }
1732
+ .malicious { background: #f8d7da; color: #721c24; }
1733
+ .result { border: 1px solid #ddd; border-radius: 8px; padding: 15px; margin: 10px 0; }
1734
+ .result h3 { margin-top: 0; }
1735
+ .badge { display: inline-block; padding: 4px 8px; border-radius: 4px; font-size: 0.8em; margin: 2px; }
1736
+ table { width: 100%; border-collapse: collapse; }
1737
+ th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
1738
+ </style>
1739
+ </head>
1740
+ <body>
1741
+ <h1>🛡️ Pompelmi Scan Results</h1>
1742
+ <div class="summary">
1743
+ <div class="card clean"><h2>${clean}</h2><p>Clean Files</p></div>
1744
+ <div class="card suspicious"><h2>${suspicious}</h2><p>Suspicious Files</p></div>
1745
+ <div class="card malicious"><h2>${malicious}</h2><p>Malicious Files</p></div>
1746
+ </div>
1747
+ <h2>Detailed Results</h2>`;
1748
+ for (const report of data) {
1749
+ const statusClass = report.verdict;
1750
+ html += `<div class="result ${statusClass}">`;
1751
+ html += `<h3>${this.escapeHtml(report.file?.name || 'Unknown')}</h3>`;
1752
+ html += `<table>`;
1753
+ html += `<tr><th>Verdict</th><td>${report.verdict.toUpperCase()}</td></tr>`;
1754
+ html += `<tr><th>Size</th><td>${this.formatBytes(report.file?.size || 0)}</td></tr>`;
1755
+ html += `<tr><th>MIME Type</th><td>${this.escapeHtml(report.file?.mimeType || 'unknown')}</td></tr>`;
1756
+ html += `<tr><th>Duration</th><td>${report.durationMs || 0}ms</td></tr>`;
1757
+ html += `<tr><th>Matches</th><td>${report.matches.length}</td></tr>`;
1758
+ html += `</table>`;
1759
+ if (options.includeDetails && report.matches.length > 0) {
1760
+ html += `<h4>Match Details:</h4><ul>`;
1761
+ for (const match of report.matches) {
1762
+ html += `<li><strong>${this.escapeHtml(match.rule)}</strong>`;
1763
+ if (match.tags && match.tags.length > 0) {
1764
+ html += ` ${match.tags.map(tag => `<span class="badge">${this.escapeHtml(tag)}</span>`).join('')}`;
1765
+ }
1766
+ html += `</li>`;
1767
+ }
1768
+ html += `</ul>`;
1769
+ }
1770
+ html += `</div>`;
1771
+ }
1772
+ html += `</body></html>`;
1773
+ return html;
1774
+ }
1775
+ /**
1776
+ * Export to specified format
1777
+ */
1778
+ export(reports, format, options = {}) {
1779
+ switch (format) {
1780
+ case 'json':
1781
+ return this.toJSON(reports, options);
1782
+ case 'csv':
1783
+ return this.toCSV(reports, options);
1784
+ case 'markdown':
1785
+ return this.toMarkdown(reports, options);
1786
+ case 'html':
1787
+ return this.toHTML(reports, options);
1788
+ case 'sarif':
1789
+ return this.toSARIF(reports, options);
1790
+ default:
1791
+ throw new Error(`Unsupported export format: ${format}`);
1792
+ }
1793
+ }
1794
+ escapeCsv(value) {
1795
+ if (value.includes(',') || value.includes('"') || value.includes('\n')) {
1796
+ return `"${value.replace(/"/g, '""')}"`;
1797
+ }
1798
+ return value;
1799
+ }
1800
+ escapeHtml(value) {
1801
+ return value
1802
+ .replace(/&/g, '&amp;')
1803
+ .replace(/</g, '&lt;')
1804
+ .replace(/>/g, '&gt;')
1805
+ .replace(/"/g, '&quot;')
1806
+ .replace(/'/g, '&#039;');
1807
+ }
1808
+ formatBytes(bytes) {
1809
+ if (bytes === 0)
1810
+ return '0 Bytes';
1811
+ const k = 1024;
1812
+ const sizes = ['Bytes', 'KB', 'MB', 'GB'];
1813
+ const i = Math.floor(Math.log(bytes) / Math.log(k));
1814
+ return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
1815
+ }
1816
+ }
1817
+ /**
1818
+ * Quick export helper
1819
+ */
1820
+ function exportScanResults(reports, format, options) {
1821
+ const exporter = new ScanResultExporter();
1822
+ return exporter.export(reports, format, options);
1823
+ }
1824
+
1825
+ /**
1826
+ * Advanced configuration system for pompelmi
1827
+ * @module config
1828
+ */
1829
+ /**
1830
+ * Default configuration
1831
+ */
1832
+ const DEFAULT_CONFIG = {
1833
+ defaultPreset: 'zip-basic',
1834
+ performance: {
1835
+ enableCache: false,
1836
+ enablePerformanceTracking: false,
1837
+ enableParallel: true,
1838
+ maxConcurrency: 5,
1839
+ cacheOptions: {
1840
+ maxSize: 1000,
1841
+ ttl: 3600000, // 1 hour
1842
+ enableLRU: true,
1843
+ enableStats: false,
1844
+ },
1845
+ },
1846
+ security: {
1847
+ maxFileSize: 100 * 1024 * 1024, // 100MB
1848
+ enableThreatIntel: false,
1849
+ scanTimeout: 30000, // 30 seconds
1850
+ strictMode: false,
1851
+ },
1852
+ advanced: {
1853
+ enablePolyglotDetection: true,
1854
+ enableObfuscationDetection: true,
1855
+ enableNestedArchiveAnalysis: true,
1856
+ maxArchiveDepth: 5,
1857
+ },
1858
+ logging: {
1859
+ verbose: false,
1860
+ level: 'info',
1861
+ enableStats: false,
1862
+ },
1863
+ };
1864
+ /**
1865
+ * Configuration presets for common use cases
1866
+ */
1867
+ const CONFIG_PRESETS = {
1868
+ /** Fast scanning with minimal features */
1869
+ fast: {
1870
+ defaultPreset: 'basic',
1871
+ performance: {
1872
+ enableCache: true,
1873
+ enablePerformanceTracking: false,
1874
+ maxConcurrency: 10,
1875
+ },
1876
+ advanced: {
1877
+ enablePolyglotDetection: false,
1878
+ enableObfuscationDetection: false,
1879
+ enableNestedArchiveAnalysis: false,
1880
+ },
1881
+ },
1882
+ /** Balanced scanning (recommended) */
1883
+ balanced: DEFAULT_CONFIG,
1884
+ /** Thorough scanning with all features */
1885
+ thorough: {
1886
+ defaultPreset: 'advanced',
1887
+ performance: {
1888
+ enableCache: true,
1889
+ enablePerformanceTracking: true,
1890
+ maxConcurrency: 3,
1891
+ },
1892
+ security: {
1893
+ maxFileSize: 500 * 1024 * 1024, // 500MB
1894
+ enableThreatIntel: true,
1895
+ scanTimeout: 60000, // 60 seconds
1896
+ strictMode: true,
1897
+ },
1898
+ advanced: {
1899
+ enablePolyglotDetection: true,
1900
+ enableObfuscationDetection: true,
1901
+ enableNestedArchiveAnalysis: true,
1902
+ maxArchiveDepth: 10,
1903
+ },
1904
+ logging: {
1905
+ verbose: true,
1906
+ level: 'debug',
1907
+ enableStats: true,
1908
+ },
1909
+ },
1910
+ /** Production-ready configuration */
1911
+ production: {
1912
+ defaultPreset: 'advanced',
1913
+ performance: {
1914
+ enableCache: true,
1915
+ enablePerformanceTracking: true,
1916
+ maxConcurrency: 5,
1917
+ cacheOptions: {
1918
+ maxSize: 5000,
1919
+ ttl: 7200000, // 2 hours
1920
+ enableLRU: true,
1921
+ enableStats: true,
1922
+ },
1923
+ },
1924
+ security: {
1925
+ maxFileSize: 200 * 1024 * 1024, // 200MB
1926
+ enableThreatIntel: true,
1927
+ scanTimeout: 45000,
1928
+ strictMode: false,
1929
+ },
1930
+ advanced: {
1931
+ enablePolyglotDetection: true,
1932
+ enableObfuscationDetection: true,
1933
+ enableNestedArchiveAnalysis: true,
1934
+ maxArchiveDepth: 7,
1935
+ },
1936
+ logging: {
1937
+ verbose: false,
1938
+ level: 'warn',
1939
+ enableStats: true,
1940
+ },
1941
+ },
1942
+ /** Development configuration */
1943
+ development: {
1944
+ defaultPreset: 'basic',
1945
+ performance: {
1946
+ enableCache: false,
1947
+ enablePerformanceTracking: true,
1948
+ maxConcurrency: 3,
1949
+ },
1950
+ security: {
1951
+ maxFileSize: 50 * 1024 * 1024, // 50MB
1952
+ scanTimeout: 15000,
1953
+ strictMode: false,
1954
+ },
1955
+ logging: {
1956
+ verbose: true,
1957
+ level: 'debug',
1958
+ enableStats: true,
1959
+ },
1960
+ },
1961
+ };
1962
+ /**
1963
+ * Configuration manager
1964
+ */
1965
+ class ConfigManager {
1966
+ constructor(initialConfig) {
1967
+ this.config = this.mergeConfig(DEFAULT_CONFIG, initialConfig || {});
1968
+ }
1969
+ /**
1970
+ * Get current configuration
3416
1971
  */
3417
- async scanFiles(files) {
3418
- const tasks = await Promise.all(files.map(async (file) => ({
3419
- content: new Uint8Array(await file.arrayBuffer()),
3420
- context: {
3421
- filename: file.name,
3422
- mimeType: file.type,
3423
- size: file.size,
3424
- },
3425
- })));
3426
- return this.scanBatch(tasks);
1972
+ getConfig() {
1973
+ return { ...this.config };
3427
1974
  }
3428
1975
  /**
3429
- * Scan files from file paths (Node.js environment)
1976
+ * Update configuration
3430
1977
  */
3431
- async scanFilePaths(filePaths) {
3432
- const fs = await import('fs/promises');
3433
- const path = await import('path');
3434
- const tasks = await Promise.all(filePaths.map(async (filePath) => {
3435
- const [content, stats] = await Promise.all([
3436
- fs.readFile(filePath),
3437
- fs.stat(filePath),
3438
- ]);
3439
- return {
3440
- content: new Uint8Array(content),
3441
- context: {
3442
- filename: path.basename(filePath),
3443
- size: stats.size,
3444
- },
3445
- };
3446
- }));
3447
- return this.scanBatch(tasks);
3448
- }
3449
- }
3450
- /**
3451
- * Quick helper for batch scanning with default options
3452
- */
3453
- async function batchScan(tasks, options) {
3454
- const scanner = new BatchScanner(options);
3455
- return scanner.scanBatch(tasks);
3456
- }
3457
-
3458
- /**
3459
- * Threat intelligence integration and enhanced detection
3460
- * @module utils/threat-intelligence
3461
- */
3462
- /**
3463
- * Built-in threat intelligence - known malware hashes
3464
- * In production, this would connect to real threat intel APIs
3465
- */
3466
- class LocalThreatIntelligence {
3467
- constructor() {
3468
- this.name = 'Local Database';
3469
- this.knownThreats = new Map();
3470
- // Initialize with some example known threats (in production, load from database)
3471
- this.initializeKnownThreats();
3472
- }
3473
- initializeKnownThreats() {
3474
- // Example: EICAR test file hash
3475
- this.knownThreats.set('275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f', {
3476
- threatLevel: 100,
3477
- category: 'test-malware',
3478
- source: 'local',
3479
- metadata: { name: 'EICAR Test File' },
3480
- });
3481
- }
3482
- async checkHash(hash) {
3483
- return this.knownThreats.get(hash.toLowerCase()) || null;
1978
+ updateConfig(updates) {
1979
+ this.config = this.mergeConfig(this.config, updates);
3484
1980
  }
3485
1981
  /**
3486
- * Add a known threat to the local database
1982
+ * Load a preset configuration
3487
1983
  */
3488
- addThreat(hash, info) {
3489
- this.knownThreats.set(hash.toLowerCase(), info);
1984
+ loadPreset(preset) {
1985
+ const presetConfig = CONFIG_PRESETS[preset];
1986
+ this.config = this.mergeConfig(DEFAULT_CONFIG, presetConfig);
3490
1987
  }
3491
1988
  /**
3492
- * Remove a threat from the local database
1989
+ * Reset to default configuration
3493
1990
  */
3494
- removeThreat(hash) {
3495
- return this.knownThreats.delete(hash.toLowerCase());
1991
+ reset() {
1992
+ this.config = { ...DEFAULT_CONFIG };
3496
1993
  }
3497
1994
  /**
3498
- * Get all known threats
1995
+ * Get a specific configuration value
3499
1996
  */
3500
- getAllThreats() {
3501
- return new Map(this.knownThreats);
3502
- }
3503
- }
3504
- /**
3505
- * Threat intelligence aggregator
3506
- */
3507
- class ThreatIntelligenceAggregator {
3508
- constructor(sources) {
3509
- this.sources = [];
3510
- if (sources) {
3511
- this.sources = sources;
3512
- }
3513
- else {
3514
- // Default to local intelligence
3515
- this.sources = [new LocalThreatIntelligence()];
3516
- }
1997
+ get(key) {
1998
+ return this.config[key];
3517
1999
  }
3518
2000
  /**
3519
- * Add a threat intelligence source
2001
+ * Set a specific configuration value
3520
2002
  */
3521
- addSource(source) {
3522
- this.sources.push(source);
2003
+ set(key, value) {
2004
+ this.config[key] = value;
3523
2005
  }
3524
2006
  /**
3525
- * Check file hash against all sources
2007
+ * Validate configuration
3526
2008
  */
3527
- async checkHash(hash) {
3528
- const results = await Promise.allSettled(this.sources.map(source => source.checkHash(hash)));
3529
- const threats = [];
3530
- for (const result of results) {
3531
- if (result.status === 'fulfilled' && result.value) {
3532
- threats.push(result.value);
2009
+ validate() {
2010
+ const errors = [];
2011
+ // Validate performance settings
2012
+ if (this.config.performance?.maxConcurrency !== undefined) {
2013
+ if (this.config.performance.maxConcurrency < 1) {
2014
+ errors.push('maxConcurrency must be at least 1');
2015
+ }
2016
+ if (this.config.performance.maxConcurrency > 50) {
2017
+ errors.push('maxConcurrency should not exceed 50');
3533
2018
  }
3534
2019
  }
3535
- return threats;
2020
+ // Validate security settings
2021
+ if (this.config.security?.maxFileSize !== undefined) {
2022
+ if (this.config.security.maxFileSize < 1024) {
2023
+ errors.push('maxFileSize must be at least 1KB');
2024
+ }
2025
+ }
2026
+ if (this.config.security?.scanTimeout !== undefined) {
2027
+ if (this.config.security.scanTimeout < 1000) {
2028
+ errors.push('scanTimeout must be at least 1000ms');
2029
+ }
2030
+ }
2031
+ // Validate advanced settings
2032
+ if (this.config.advanced?.maxArchiveDepth !== undefined) {
2033
+ if (this.config.advanced.maxArchiveDepth < 1) {
2034
+ errors.push('maxArchiveDepth must be at least 1');
2035
+ }
2036
+ if (this.config.advanced.maxArchiveDepth > 20) {
2037
+ errors.push('maxArchiveDepth should not exceed 20');
2038
+ }
2039
+ }
2040
+ return {
2041
+ valid: errors.length === 0,
2042
+ errors,
2043
+ };
3536
2044
  }
3537
2045
  /**
3538
- * Enhance scan report with threat intelligence
2046
+ * Deep merge configuration objects
3539
2047
  */
3540
- async enhanceScanReport(content, report) {
3541
- // Calculate file hash
3542
- const hash = createHash('sha256').update(content).digest('hex');
3543
- // Check threat intelligence
3544
- const threatIntel = await this.checkHash(hash);
3545
- // Calculate risk score
3546
- const riskScore = this.calculateRiskScore(report, threatIntel);
2048
+ mergeConfig(base, updates) {
3547
2049
  return {
3548
- ...report,
3549
- fileHash: hash,
3550
- threatIntel: threatIntel.length > 0 ? threatIntel : undefined,
3551
- riskScore,
2050
+ ...base,
2051
+ ...updates,
2052
+ performance: {
2053
+ ...base.performance,
2054
+ ...updates.performance,
2055
+ cacheOptions: {
2056
+ ...base.performance?.cacheOptions,
2057
+ ...updates.performance?.cacheOptions,
2058
+ },
2059
+ },
2060
+ security: {
2061
+ ...base.security,
2062
+ ...updates.security,
2063
+ },
2064
+ advanced: {
2065
+ ...base.advanced,
2066
+ ...updates.advanced,
2067
+ },
2068
+ logging: {
2069
+ ...base.logging,
2070
+ ...updates.logging,
2071
+ },
2072
+ callbacks: {
2073
+ ...base.callbacks,
2074
+ ...updates.callbacks,
2075
+ },
2076
+ presetOptions: {
2077
+ ...base.presetOptions,
2078
+ ...updates.presetOptions,
2079
+ },
3552
2080
  };
3553
2081
  }
3554
2082
  /**
3555
- * Calculate overall risk score based on scan results and threat intel
2083
+ * Export configuration as JSON
3556
2084
  */
3557
- calculateRiskScore(report, threats) {
3558
- let score = 0;
3559
- // Base score from verdict
3560
- switch (report.verdict) {
3561
- case 'malicious':
3562
- score += 70;
3563
- break;
3564
- case 'suspicious':
3565
- score += 40;
3566
- break;
3567
- case 'clean':
3568
- score += 0;
3569
- break;
2085
+ toJSON() {
2086
+ return JSON.stringify(this.config, null, 2);
2087
+ }
2088
+ /**
2089
+ * Load configuration from JSON
2090
+ */
2091
+ fromJSON(json) {
2092
+ try {
2093
+ const parsed = JSON.parse(json);
2094
+ this.config = this.mergeConfig(DEFAULT_CONFIG, parsed);
3570
2095
  }
3571
- // Add points for number of matches
3572
- score += Math.min(report.matches.length * 5, 20);
3573
- // Add points from threat intelligence
3574
- if (threats.length > 0) {
3575
- const maxThreat = Math.max(...threats.map(t => t.threatLevel));
3576
- score = Math.max(score, maxThreat);
2096
+ catch (error) {
2097
+ throw new Error(`Failed to parse configuration JSON: ${error}`);
3577
2098
  }
3578
- return Math.min(score, 100);
3579
2099
  }
3580
2100
  }
3581
2101
  /**
3582
- * Create default threat intelligence aggregator
3583
- */
3584
- function createThreatIntelligence() {
3585
- return new ThreatIntelligenceAggregator();
2102
+ * Create a new configuration manager
2103
+ */
2104
+ function createConfig(config) {
2105
+ return new ConfigManager(config);
3586
2106
  }
3587
2107
  /**
3588
- * Helper to get file hash
2108
+ * Get a preset configuration
3589
2109
  */
3590
- function getFileHash(content) {
3591
- return createHash('sha256').update(content).digest('hex');
2110
+ function getPresetConfig(preset) {
2111
+ return { ...DEFAULT_CONFIG, ...CONFIG_PRESETS[preset] };
3592
2112
  }
3593
2113
 
3594
2114
  /**
3595
- * Export utilities for scan results
3596
- * @module utils/export
3597
- */
3598
- /**
3599
- * Export scan results to various formats
2115
+ * HIPAA Compliance Module for Pompelmi
2116
+ *
2117
+ * This module provides comprehensive HIPAA compliance features for healthcare environments
2118
+ * where Pompelmi is used to analyze potentially compromised systems containing PHI.
2119
+ *
2120
+ * Key protections:
2121
+ * - Data sanitization and redaction
2122
+ * - Secure temporary file handling
2123
+ * - Audit logging
2124
+ * - Memory protection
2125
+ * - Error message sanitization
3600
2126
  */
3601
- class ScanResultExporter {
3602
- /**
3603
- * Export to JSON format
3604
- */
3605
- toJSON(reports, options = {}) {
3606
- const data = Array.isArray(reports) ? reports : [reports];
3607
- if (!options.includeDetails) {
3608
- // Simplified output
3609
- const simplified = data.map(r => ({
3610
- verdict: r.verdict,
3611
- file: r.file?.name,
3612
- matches: r.matches.length,
3613
- durationMs: r.durationMs,
3614
- }));
3615
- return options.prettyPrint
3616
- ? JSON.stringify(simplified, null, 2)
3617
- : JSON.stringify(simplified);
3618
- }
3619
- return options.prettyPrint
3620
- ? JSON.stringify(data, null, 2)
3621
- : JSON.stringify(data);
3622
- }
3623
- /**
3624
- * Export to CSV format
3625
- */
3626
- toCSV(reports, options = {}) {
3627
- const data = Array.isArray(reports) ? reports : [reports];
3628
- const headers = [
3629
- 'filename',
3630
- 'verdict',
3631
- 'matches_count',
3632
- 'file_size',
3633
- 'mime_type',
3634
- 'duration_ms',
3635
- 'engine',
3636
- ];
3637
- if (options.includeDetails) {
3638
- headers.push('reasons', 'match_rules');
3639
- }
3640
- const rows = data.map(report => {
3641
- const row = [
3642
- this.escapeCsv(report.file?.name || 'unknown'),
3643
- report.verdict,
3644
- report.matches.length.toString(),
3645
- (report.file?.size || 0).toString(),
3646
- this.escapeCsv(report.file?.mimeType || 'unknown'),
3647
- (report.durationMs || 0).toString(),
3648
- report.engine || 'unknown',
3649
- ];
3650
- if (options.includeDetails) {
3651
- row.push(this.escapeCsv((report.reasons || []).join('; ')), this.escapeCsv(report.matches.map(m => m.rule).join('; ')));
3652
- }
3653
- return row.join(',');
3654
- });
3655
- return [headers.join(','), ...rows].join('\n');
2127
+ class HipaaComplianceManager {
2128
+ constructor(config) {
2129
+ this.auditEvents = [];
2130
+ this.config = {
2131
+ sanitizeErrors: true,
2132
+ sanitizeFilenames: true,
2133
+ encryptTempFiles: true,
2134
+ memoryProtection: true,
2135
+ requireSecureTransport: true,
2136
+ ...config,
2137
+ enabled: config.enabled !== undefined ? config.enabled : true
2138
+ };
2139
+ this.sessionId = this.generateSessionId();
3656
2140
  }
3657
2141
  /**
3658
- * Export to Markdown format
2142
+ * Sanitize filename to prevent PHI leakage in logs
3659
2143
  */
3660
- toMarkdown(reports, options = {}) {
3661
- const data = Array.isArray(reports) ? reports : [reports];
3662
- let md = '# Scan Results\n\n';
3663
- md += `**Total Scans:** ${data.length}\n\n`;
3664
- const clean = data.filter(r => r.verdict === 'clean').length;
3665
- const suspicious = data.filter(r => r.verdict === 'suspicious').length;
3666
- const malicious = data.filter(r => r.verdict === 'malicious').length;
3667
- md += '## Summary\n\n';
3668
- md += `- ✅ Clean: ${clean}\n`;
3669
- md += `- ⚠️ Suspicious: ${suspicious}\n`;
3670
- md += `- ❌ Malicious: ${malicious}\n\n`;
3671
- md += '## Detailed Results\n\n';
3672
- for (const report of data) {
3673
- const icon = report.verdict === 'clean' ? '✅' : report.verdict === 'suspicious' ? '⚠️' : '❌';
3674
- md += `### ${icon} ${report.file?.name || 'Unknown'}\n\n`;
3675
- md += `- **Verdict:** ${report.verdict}\n`;
3676
- md += `- **Size:** ${this.formatBytes(report.file?.size || 0)}\n`;
3677
- md += `- **MIME Type:** ${report.file?.mimeType || 'unknown'}\n`;
3678
- md += `- **Duration:** ${report.durationMs || 0}ms\n`;
3679
- md += `- **Matches:** ${report.matches.length}\n`;
3680
- if (options.includeDetails && report.matches.length > 0) {
3681
- md += '\n**Match Details:**\n';
3682
- for (const match of report.matches) {
3683
- md += `- ${match.rule}`;
3684
- if (match.tags && match.tags.length > 0) {
3685
- md += ` (${match.tags.join(', ')})`;
3686
- }
3687
- md += '\n';
3688
- }
3689
- }
3690
- md += '\n';
2144
+ sanitizeFilename(filename) {
2145
+ if (!this.config.enabled || !this.config.sanitizeFilenames || !filename) {
2146
+ return filename || 'unknown';
3691
2147
  }
3692
- return md;
3693
- }
3694
- /**
3695
- * Export to SARIF format (Static Analysis Results Interchange Format)
3696
- * Useful for CI/CD integration
3697
- */
3698
- toSARIF(reports, options = {}) {
3699
- const data = Array.isArray(reports) ? reports : [reports];
3700
- const results = data.flatMap(report => {
3701
- if (report.verdict === 'clean')
3702
- return [];
3703
- return report.matches.map(match => ({
3704
- ruleId: match.rule,
3705
- level: report.verdict === 'malicious' ? 'error' : 'warning',
3706
- message: {
3707
- text: `${match.rule} detected in ${report.file?.name || 'unknown file'}`,
3708
- },
3709
- locations: [
3710
- {
3711
- physicalLocation: {
3712
- artifactLocation: {
3713
- uri: report.file?.name || 'unknown',
3714
- },
3715
- },
3716
- },
3717
- ],
3718
- properties: {
3719
- tags: match.tags,
3720
- metadata: match.meta,
3721
- },
3722
- }));
3723
- });
3724
- const sarif = {
3725
- version: '2.1.0',
3726
- $schema: 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json',
3727
- runs: [
3728
- {
3729
- tool: {
3730
- driver: {
3731
- name: 'Pompelmi',
3732
- version: '0.29.0',
3733
- informationUri: 'https://pompelmi.github.io/pompelmi/',
3734
- },
3735
- },
3736
- results,
3737
- },
3738
- ],
3739
- };
3740
- return options.prettyPrint
3741
- ? JSON.stringify(sarif, null, 2)
3742
- : JSON.stringify(sarif);
2148
+ // Remove potentially sensitive path information
2149
+ const basename = path.basename(filename);
2150
+ // Hash the filename to create a consistent but non-revealing identifier
2151
+ const hash = crypto.createHash('sha256').update(basename).digest('hex').substring(0, 8);
2152
+ // Preserve file extension for analysis purposes
2153
+ const ext = path.extname(basename);
2154
+ return `file_${hash}${ext}`;
3743
2155
  }
3744
2156
  /**
3745
- * Export to HTML format
2157
+ * Sanitize error messages to prevent PHI exposure
3746
2158
  */
3747
- toHTML(reports, options = {}) {
3748
- const data = Array.isArray(reports) ? reports : [reports];
3749
- const clean = data.filter(r => r.verdict === 'clean').length;
3750
- const suspicious = data.filter(r => r.verdict === 'suspicious').length;
3751
- const malicious = data.filter(r => r.verdict === 'malicious').length;
3752
- let html = `<!DOCTYPE html>
3753
- <html lang="en">
3754
- <head>
3755
- <meta charset="UTF-8">
3756
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
3757
- <title>Pompelmi Scan Results</title>
3758
- <style>
3759
- body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 1200px; margin: 0 auto; padding: 20px; }
3760
- .summary { display: grid; grid-template-columns: repeat(3, 1fr); gap: 20px; margin: 20px 0; }
3761
- .card { padding: 20px; border-radius: 8px; text-align: center; }
3762
- .clean { background: #d4edda; color: #155724; }
3763
- .suspicious { background: #fff3cd; color: #856404; }
3764
- .malicious { background: #f8d7da; color: #721c24; }
3765
- .result { border: 1px solid #ddd; border-radius: 8px; padding: 15px; margin: 10px 0; }
3766
- .result h3 { margin-top: 0; }
3767
- .badge { display: inline-block; padding: 4px 8px; border-radius: 4px; font-size: 0.8em; margin: 2px; }
3768
- table { width: 100%; border-collapse: collapse; }
3769
- th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
3770
- </style>
3771
- </head>
3772
- <body>
3773
- <h1>🛡️ Pompelmi Scan Results</h1>
3774
- <div class="summary">
3775
- <div class="card clean"><h2>${clean}</h2><p>Clean Files</p></div>
3776
- <div class="card suspicious"><h2>${suspicious}</h2><p>Suspicious Files</p></div>
3777
- <div class="card malicious"><h2>${malicious}</h2><p>Malicious Files</p></div>
3778
- </div>
3779
- <h2>Detailed Results</h2>`;
3780
- for (const report of data) {
3781
- const statusClass = report.verdict;
3782
- html += `<div class="result ${statusClass}">`;
3783
- html += `<h3>${this.escapeHtml(report.file?.name || 'Unknown')}</h3>`;
3784
- html += `<table>`;
3785
- html += `<tr><th>Verdict</th><td>${report.verdict.toUpperCase()}</td></tr>`;
3786
- html += `<tr><th>Size</th><td>${this.formatBytes(report.file?.size || 0)}</td></tr>`;
3787
- html += `<tr><th>MIME Type</th><td>${this.escapeHtml(report.file?.mimeType || 'unknown')}</td></tr>`;
3788
- html += `<tr><th>Duration</th><td>${report.durationMs || 0}ms</td></tr>`;
3789
- html += `<tr><th>Matches</th><td>${report.matches.length}</td></tr>`;
3790
- html += `</table>`;
3791
- if (options.includeDetails && report.matches.length > 0) {
3792
- html += `<h4>Match Details:</h4><ul>`;
3793
- for (const match of report.matches) {
3794
- html += `<li><strong>${this.escapeHtml(match.rule)}</strong>`;
3795
- if (match.tags && match.tags.length > 0) {
3796
- html += ` ${match.tags.map(tag => `<span class="badge">${this.escapeHtml(tag)}</span>`).join('')}`;
3797
- }
3798
- html += `</li>`;
3799
- }
3800
- html += `</ul>`;
3801
- }
3802
- html += `</div>`;
2159
+ sanitizeError(error) {
2160
+ if (!this.config.enabled || !this.config.sanitizeErrors) {
2161
+ return typeof error === 'string' ? error : error.message;
3803
2162
  }
3804
- html += `</body></html>`;
3805
- return html;
2163
+ const message = typeof error === 'string' ? error : error.message;
2164
+ // Remove common patterns that might contain PHI
2165
+ let sanitized = message
2166
+ // Remove file paths
2167
+ .replace(/[A-Za-z]:\\\\[^\\s]+/g, '[REDACTED_PATH]')
2168
+ .replace(/\/[^\\s]+/g, '[REDACTED_PATH]')
2169
+ // Remove potential patient identifiers (numbers that could be MRNs, SSNs)
2170
+ .replace(/\\b\\d{3}-?\\d{2}-?\\d{4}\\b/g, '[REDACTED_ID]')
2171
+ .replace(/\\b\\d{6,}\\b/g, '[REDACTED_ID]')
2172
+ // Remove email addresses
2173
+ .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[REDACTED_EMAIL]')
2174
+ // Remove potential names (capitalize words in error messages)
2175
+ .replace(/\\b[A-Z][a-z]+\\s+[A-Z][a-z]+\\b/g, '[REDACTED_NAME]')
2176
+ // Remove IP addresses
2177
+ .replace(/\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b/g, '[REDACTED_IP]');
2178
+ return sanitized;
3806
2179
  }
3807
2180
  /**
3808
- * Export to specified format
2181
+ * Create secure temporary file path with encryption if enabled
3809
2182
  */
3810
- export(reports, format, options = {}) {
3811
- switch (format) {
3812
- case 'json':
3813
- return this.toJSON(reports, options);
3814
- case 'csv':
3815
- return this.toCSV(reports, options);
3816
- case 'markdown':
3817
- return this.toMarkdown(reports, options);
3818
- case 'html':
3819
- return this.toHTML(reports, options);
3820
- case 'sarif':
3821
- return this.toSARIF(reports, options);
3822
- default:
3823
- throw new Error(`Unsupported export format: ${format}`);
2183
+ createSecureTempPath(prefix = 'pompelmi') {
2184
+ if (!this.config.enabled) {
2185
+ return path.join(os.tmpdir(), `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2)}`);
3824
2186
  }
2187
+ // Use cryptographically secure random names
2188
+ const randomId = crypto.randomBytes(16).toString('hex');
2189
+ const timestamp = Date.now();
2190
+ // Create path in secure temp directory
2191
+ const secureTempDir = this.getSecureTempDir();
2192
+ const tempPath = path.join(secureTempDir, `${prefix}-${timestamp}-${randomId}`);
2193
+ this.auditLog('temp_file_created', {
2194
+ action: 'create_temp_file',
2195
+ success: true,
2196
+ metadata: { path: this.sanitizeFilename(tempPath) }
2197
+ });
2198
+ return tempPath;
3825
2199
  }
3826
- escapeCsv(value) {
3827
- if (value.includes(',') || value.includes('"') || value.includes('\n')) {
3828
- return `"${value.replace(/"/g, '""')}"`;
2200
+ /**
2201
+ * Get or create secure temporary directory with restricted permissions
2202
+ */
2203
+ getSecureTempDir() {
2204
+ const secureTempPath = path.join(os.tmpdir(), 'pompelmi-secure');
2205
+ try {
2206
+ const fs = require('fs');
2207
+ if (!fs.existsSync(secureTempPath)) {
2208
+ fs.mkdirSync(secureTempPath, { mode: 0o700 }); // Owner read/write/execute only
2209
+ }
3829
2210
  }
3830
- return value;
3831
- }
3832
- escapeHtml(value) {
3833
- return value
3834
- .replace(/&/g, '&amp;')
3835
- .replace(/</g, '&lt;')
3836
- .replace(/>/g, '&gt;')
3837
- .replace(/"/g, '&quot;')
3838
- .replace(/'/g, '&#039;');
3839
- }
3840
- formatBytes(bytes) {
3841
- if (bytes === 0)
3842
- return '0 Bytes';
3843
- const k = 1024;
3844
- const sizes = ['Bytes', 'KB', 'MB', 'GB'];
3845
- const i = Math.floor(Math.log(bytes) / Math.log(k));
3846
- return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
3847
- }
3848
- }
3849
- /**
3850
- * Quick export helper
3851
- */
3852
- function exportScanResults(reports, format, options) {
3853
- const exporter = new ScanResultExporter();
3854
- return exporter.export(reports, format, options);
3855
- }
3856
-
3857
- /**
3858
- * Advanced configuration system for pompelmi
3859
- * @module config
3860
- */
3861
- /**
3862
- * Default configuration
3863
- */
3864
- const DEFAULT_CONFIG = {
3865
- defaultPreset: 'zip-basic',
3866
- performance: {
3867
- enableCache: false,
3868
- enablePerformanceTracking: false,
3869
- enableParallel: true,
3870
- maxConcurrency: 5,
3871
- cacheOptions: {
3872
- maxSize: 1000,
3873
- ttl: 3600000, // 1 hour
3874
- enableLRU: true,
3875
- enableStats: false,
3876
- },
3877
- },
3878
- security: {
3879
- maxFileSize: 100 * 1024 * 1024, // 100MB
3880
- enableThreatIntel: false,
3881
- scanTimeout: 30000, // 30 seconds
3882
- strictMode: false,
3883
- },
3884
- advanced: {
3885
- enablePolyglotDetection: true,
3886
- enableObfuscationDetection: true,
3887
- enableNestedArchiveAnalysis: true,
3888
- maxArchiveDepth: 5,
3889
- },
3890
- logging: {
3891
- verbose: false,
3892
- level: 'info',
3893
- enableStats: false,
3894
- },
3895
- };
3896
- /**
3897
- * Configuration presets for common use cases
3898
- */
3899
- const CONFIG_PRESETS = {
3900
- /** Fast scanning with minimal features */
3901
- fast: {
3902
- defaultPreset: 'basic',
3903
- performance: {
3904
- enableCache: true,
3905
- enablePerformanceTracking: false,
3906
- maxConcurrency: 10,
3907
- },
3908
- advanced: {
3909
- enablePolyglotDetection: false,
3910
- enableObfuscationDetection: false,
3911
- enableNestedArchiveAnalysis: false,
3912
- },
3913
- },
3914
- /** Balanced scanning (recommended) */
3915
- balanced: DEFAULT_CONFIG,
3916
- /** Thorough scanning with all features */
3917
- thorough: {
3918
- defaultPreset: 'advanced',
3919
- performance: {
3920
- enableCache: true,
3921
- enablePerformanceTracking: true,
3922
- maxConcurrency: 3,
3923
- },
3924
- security: {
3925
- maxFileSize: 500 * 1024 * 1024, // 500MB
3926
- enableThreatIntel: true,
3927
- scanTimeout: 60000, // 60 seconds
3928
- strictMode: true,
3929
- },
3930
- advanced: {
3931
- enablePolyglotDetection: true,
3932
- enableObfuscationDetection: true,
3933
- enableNestedArchiveAnalysis: true,
3934
- maxArchiveDepth: 10,
3935
- },
3936
- logging: {
3937
- verbose: true,
3938
- level: 'debug',
3939
- enableStats: true,
3940
- },
3941
- },
3942
- /** Production-ready configuration */
3943
- production: {
3944
- defaultPreset: 'advanced',
3945
- performance: {
3946
- enableCache: true,
3947
- enablePerformanceTracking: true,
3948
- maxConcurrency: 5,
3949
- cacheOptions: {
3950
- maxSize: 5000,
3951
- ttl: 7200000, // 2 hours
3952
- enableLRU: true,
3953
- enableStats: true,
3954
- },
3955
- },
3956
- security: {
3957
- maxFileSize: 200 * 1024 * 1024, // 200MB
3958
- enableThreatIntel: true,
3959
- scanTimeout: 45000,
3960
- strictMode: false,
3961
- },
3962
- advanced: {
3963
- enablePolyglotDetection: true,
3964
- enableObfuscationDetection: true,
3965
- enableNestedArchiveAnalysis: true,
3966
- maxArchiveDepth: 7,
3967
- },
3968
- logging: {
3969
- verbose: false,
3970
- level: 'warn',
3971
- enableStats: true,
3972
- },
3973
- },
3974
- /** Development configuration */
3975
- development: {
3976
- defaultPreset: 'basic',
3977
- performance: {
3978
- enableCache: false,
3979
- enablePerformanceTracking: true,
3980
- maxConcurrency: 3,
3981
- },
3982
- security: {
3983
- maxFileSize: 50 * 1024 * 1024, // 50MB
3984
- scanTimeout: 15000,
3985
- strictMode: false,
3986
- },
3987
- logging: {
3988
- verbose: true,
3989
- level: 'debug',
3990
- enableStats: true,
3991
- },
3992
- },
3993
- };
3994
- /**
3995
- * Configuration manager
3996
- */
3997
- class ConfigManager {
3998
- constructor(initialConfig) {
3999
- this.config = this.mergeConfig(DEFAULT_CONFIG, initialConfig || {});
2211
+ catch (error) {
2212
+ // Fallback to system temp
2213
+ return os.tmpdir();
2214
+ }
2215
+ return secureTempPath;
4000
2216
  }
4001
2217
  /**
4002
- * Get current configuration
2218
+ * Secure file cleanup with multiple overwrite passes
4003
2219
  */
4004
- getConfig() {
4005
- return { ...this.config };
2220
+ async secureFileCleanup(filePath) {
2221
+ if (!this.config.enabled) {
2222
+ try {
2223
+ const fs = await import('fs/promises');
2224
+ await fs.unlink(filePath);
2225
+ }
2226
+ catch {
2227
+ // Ignore cleanup errors
2228
+ }
2229
+ return;
2230
+ }
2231
+ try {
2232
+ const fs = await import('fs/promises');
2233
+ const stats = await fs.stat(filePath);
2234
+ if (this.config.memoryProtection) {
2235
+ // Overwrite file with random data multiple times (DoD 5220.22-M standard)
2236
+ const fileSize = stats.size;
2237
+ const buffer = crypto.randomBytes(Math.min(fileSize, 64 * 1024)); // 64KB chunks
2238
+ for (let pass = 0; pass < 3; pass++) {
2239
+ const handle = await fs.open(filePath, 'r+');
2240
+ try {
2241
+ for (let offset = 0; offset < fileSize; offset += buffer.length) {
2242
+ const chunk = offset + buffer.length > fileSize
2243
+ ? buffer.subarray(0, fileSize - offset)
2244
+ : buffer;
2245
+ await handle.write(chunk, 0, chunk.length, offset);
2246
+ }
2247
+ await handle.sync();
2248
+ }
2249
+ finally {
2250
+ await handle.close();
2251
+ }
2252
+ }
2253
+ }
2254
+ // Final deletion
2255
+ await fs.unlink(filePath);
2256
+ this.auditLog('temp_file_deleted', {
2257
+ action: 'secure_delete',
2258
+ success: true,
2259
+ metadata: {
2260
+ path: this.sanitizeFilename(filePath),
2261
+ overwritePasses: this.config.memoryProtection ? 3 : 0
2262
+ }
2263
+ });
2264
+ }
2265
+ catch (error) {
2266
+ this.auditLog('temp_file_deleted', {
2267
+ action: 'secure_delete',
2268
+ success: false,
2269
+ sanitizedError: this.sanitizeError(error),
2270
+ metadata: { path: this.sanitizeFilename(filePath) }
2271
+ });
2272
+ }
4006
2273
  }
4007
2274
  /**
4008
- * Update configuration
2275
+ * Calculate secure file hash for audit purposes
4009
2276
  */
4010
- updateConfig(updates) {
4011
- this.config = this.mergeConfig(this.config, updates);
2277
+ calculateFileHash(data) {
2278
+ return crypto.createHash('sha256').update(data).digest('hex');
4012
2279
  }
4013
2280
  /**
4014
- * Load a preset configuration
2281
+ * Log audit event
4015
2282
  */
4016
- loadPreset(preset) {
4017
- const presetConfig = CONFIG_PRESETS[preset];
4018
- this.config = this.mergeConfig(DEFAULT_CONFIG, presetConfig);
2283
+ auditLog(eventType, details) {
2284
+ if (!this.config.enabled)
2285
+ return;
2286
+ const event = {
2287
+ timestamp: new Date().toISOString(),
2288
+ eventType,
2289
+ sessionId: this.sessionId,
2290
+ details: {
2291
+ action: details.action || 'unknown',
2292
+ success: details.success ?? true,
2293
+ ...details
2294
+ }
2295
+ };
2296
+ this.auditEvents.push(event);
2297
+ // Write to audit log file if configured
2298
+ if (this.config.auditLogPath) {
2299
+ this.writeAuditLog(event).catch(() => {
2300
+ // Silent failure to prevent error loops
2301
+ });
2302
+ }
4019
2303
  }
4020
2304
  /**
4021
- * Reset to default configuration
2305
+ * Write audit event to file
4022
2306
  */
4023
- reset() {
4024
- this.config = { ...DEFAULT_CONFIG };
2307
+ async writeAuditLog(event) {
2308
+ if (!this.config.auditLogPath)
2309
+ return;
2310
+ try {
2311
+ const fs = await import('fs/promises');
2312
+ const logLine = JSON.stringify(event) + '\\n';
2313
+ await fs.appendFile(this.config.auditLogPath, logLine, { flag: 'a' });
2314
+ }
2315
+ catch {
2316
+ // Silent failure
2317
+ }
4025
2318
  }
4026
2319
  /**
4027
- * Get a specific configuration value
2320
+ * Generate cryptographically secure session ID
4028
2321
  */
4029
- get(key) {
4030
- return this.config[key];
2322
+ generateSessionId() {
2323
+ return crypto.randomBytes(16).toString('hex');
4031
2324
  }
4032
2325
  /**
4033
- * Set a specific configuration value
2326
+ * Get current audit events for this session
4034
2327
  */
4035
- set(key, value) {
4036
- this.config[key] = value;
2328
+ getAuditEvents() {
2329
+ return [...this.auditEvents];
4037
2330
  }
4038
2331
  /**
4039
- * Validate configuration
2332
+ * Clear sensitive data from memory
4040
2333
  */
4041
- validate() {
4042
- const errors = [];
4043
- // Validate performance settings
4044
- if (this.config.performance?.maxConcurrency !== undefined) {
4045
- if (this.config.performance.maxConcurrency < 1) {
4046
- errors.push('maxConcurrency must be at least 1');
4047
- }
4048
- if (this.config.performance.maxConcurrency > 50) {
4049
- errors.push('maxConcurrency should not exceed 50');
4050
- }
4051
- }
4052
- // Validate security settings
4053
- if (this.config.security?.maxFileSize !== undefined) {
4054
- if (this.config.security.maxFileSize < 1024) {
4055
- errors.push('maxFileSize must be at least 1KB');
4056
- }
4057
- }
4058
- if (this.config.security?.scanTimeout !== undefined) {
4059
- if (this.config.security.scanTimeout < 1000) {
4060
- errors.push('scanTimeout must be at least 1000ms');
4061
- }
4062
- }
4063
- // Validate advanced settings
4064
- if (this.config.advanced?.maxArchiveDepth !== undefined) {
4065
- if (this.config.advanced.maxArchiveDepth < 1) {
4066
- errors.push('maxArchiveDepth must be at least 1');
4067
- }
4068
- if (this.config.advanced.maxArchiveDepth > 20) {
4069
- errors.push('maxArchiveDepth should not exceed 20');
4070
- }
2334
+ clearSensitiveData() {
2335
+ if (!this.config.enabled || !this.config.memoryProtection)
2336
+ return;
2337
+ // Clear audit events
2338
+ this.auditEvents.length = 0;
2339
+ // Force garbage collection if available
2340
+ if (global.gc) {
2341
+ global.gc();
4071
2342
  }
4072
- return {
4073
- valid: errors.length === 0,
4074
- errors,
4075
- };
4076
- }
4077
- /**
4078
- * Deep merge configuration objects
4079
- */
4080
- mergeConfig(base, updates) {
4081
- return {
4082
- ...base,
4083
- ...updates,
4084
- performance: {
4085
- ...base.performance,
4086
- ...updates.performance,
4087
- cacheOptions: {
4088
- ...base.performance?.cacheOptions,
4089
- ...updates.performance?.cacheOptions,
4090
- },
4091
- },
4092
- security: {
4093
- ...base.security,
4094
- ...updates.security,
4095
- },
4096
- advanced: {
4097
- ...base.advanced,
4098
- ...updates.advanced,
4099
- },
4100
- logging: {
4101
- ...base.logging,
4102
- ...updates.logging,
4103
- },
4104
- callbacks: {
4105
- ...base.callbacks,
4106
- ...updates.callbacks,
4107
- },
4108
- presetOptions: {
4109
- ...base.presetOptions,
4110
- ...updates.presetOptions,
4111
- },
4112
- };
4113
- }
4114
- /**
4115
- * Export configuration as JSON
4116
- */
4117
- toJSON() {
4118
- return JSON.stringify(this.config, null, 2);
4119
2343
  }
4120
2344
  /**
4121
- * Load configuration from JSON
2345
+ * Validate transport security
4122
2346
  */
4123
- fromJSON(json) {
2347
+ validateTransportSecurity(url) {
2348
+ if (!this.config.enabled || !this.config.requireSecureTransport) {
2349
+ return true;
2350
+ }
2351
+ if (!url)
2352
+ return true;
4124
2353
  try {
4125
- const parsed = JSON.parse(json);
4126
- this.config = this.mergeConfig(DEFAULT_CONFIG, parsed);
2354
+ const urlObj = new URL(url);
2355
+ const isSecure = urlObj.protocol === 'https:' || urlObj.hostname === 'localhost' || urlObj.hostname === '127.0.0.1';
2356
+ if (!isSecure) {
2357
+ this.auditLog('security_violation', {
2358
+ action: 'insecure_transport',
2359
+ success: false,
2360
+ metadata: { protocol: urlObj.protocol, hostname: urlObj.hostname }
2361
+ });
2362
+ }
2363
+ return isSecure;
4127
2364
  }
4128
- catch (error) {
4129
- throw new Error(`Failed to parse configuration JSON: ${error}`);
2365
+ catch {
2366
+ return false;
4130
2367
  }
4131
2368
  }
4132
2369
  }
2370
+ // Global HIPAA compliance instance
2371
+ let hipaaManager = null;
4133
2372
  /**
4134
- * Create a new configuration manager
2373
+ * Initialize HIPAA compliance
4135
2374
  */
4136
- function createConfig(config) {
4137
- return new ConfigManager(config);
2375
+ function initializeHipaaCompliance(config) {
2376
+ hipaaManager = new HipaaComplianceManager(config);
2377
+ return hipaaManager;
4138
2378
  }
4139
2379
  /**
4140
- * Get a preset configuration
2380
+ * Get current HIPAA compliance manager
4141
2381
  */
4142
- function getPresetConfig(preset) {
4143
- return { ...DEFAULT_CONFIG, ...CONFIG_PRESETS[preset] };
2382
+ function getHipaaManager() {
2383
+ return hipaaManager;
2384
+ }
2385
+ /**
2386
+ * HIPAA-compliant error wrapper
2387
+ */
2388
+ function createHipaaError(error, context) {
2389
+ const manager = getHipaaManager();
2390
+ if (!manager) {
2391
+ return typeof error === 'string' ? new Error(error) : error;
2392
+ }
2393
+ const sanitizedMessage = manager.sanitizeError(error);
2394
+ const hipaaError = new Error(sanitizedMessage);
2395
+ manager.auditLog('error_occurred', {
2396
+ action: context || 'error',
2397
+ success: false,
2398
+ sanitizedError: sanitizedMessage
2399
+ });
2400
+ return hipaaError;
4144
2401
  }
2402
+ /**
2403
+ * HIPAA-compliant temporary file utilities
2404
+ */
2405
+ const HipaaTemp = {
2406
+ createPath: (prefix) => {
2407
+ const manager = getHipaaManager();
2408
+ return manager ? manager.createSecureTempPath(prefix) : path.join(os.tmpdir(), `${prefix || 'pompelmi'}-${Date.now()}`);
2409
+ },
2410
+ cleanup: async (filePath) => {
2411
+ const manager = getHipaaManager();
2412
+ if (manager) {
2413
+ await manager.secureFileCleanup(filePath);
2414
+ }
2415
+ else {
2416
+ try {
2417
+ const fs = await import('fs/promises');
2418
+ await fs.unlink(filePath);
2419
+ }
2420
+ catch {
2421
+ // Ignore errors
2422
+ }
2423
+ }
2424
+ }
2425
+ };
4145
2426
 
4146
- export { BatchScanner, CONFIG_PRESETS, CommonHeuristicsScanner, ConfigManager, DEFAULT_CONFIG, DEFAULT_POLICY, HipaaComplianceManager, HipaaTemp, LocalThreatIntelligence, PRESET_CONFIGS, PerformanceTracker, SUSPICIOUS_PATTERNS, ScanCacheManager, ScanResultExporter, ThreatIntelligenceAggregator, aggregateScanStats, analyzeNestedArchives, batchScan, composeScanners, createConfig, createHipaaError, createPresetScanner, createThreatIntelligence, createZipBombGuard, definePolicy, detectObfuscatedScripts, detectPolyglot, exportScanResults, getDefaultCache, getFileHash, getHipaaManager, getPresetConfig, initializeHipaaCompliance, mapMatchesToVerdict, resetDefaultCache, scanBytes, scanFile, scanFiles, scanFilesWithRemoteYara, useFileScanner, validateFile };
2427
+ export { ARCHIVES, BatchScanner, CONFIG_PRESETS, CONSERVATIVE_DEFAULT, CommonHeuristicsScanner, ConfigManager, DEFAULT_CONFIG, DEFAULT_POLICY, DOCUMENTS_ONLY, HipaaTemp, IMAGES_ONLY, LocalThreatIntelligence, POLICY_PACKS, PerformanceTracker, STRICT_PUBLIC_UPLOAD, SUSPICIOUS_PATTERNS, ScanCacheManager, ScanResultExporter, ThreatIntelligenceAggregator, aggregateScanStats, analyzeNestedArchives, batchScan, composeScanners, createConfig, createHipaaError, createPresetScanner, createThreatIntelligence, createZipBombGuard, definePolicy, detectObfuscatedScripts, detectPolyglot, exportScanResults, getDefaultCache, getFileHash, getHipaaManager, getPolicyPack, getPresetConfig, initializeHipaaCompliance, mapMatchesToVerdict, resetDefaultCache, scanBytes, scanFile, scanFiles, scanFilesWithRemoteYara, validateFile };
4147
2428
  //# sourceMappingURL=pompelmi.esm.js.map